az2aws 1.7.0 → 1.8.0

package/CHANGELOG.md

@@ -1,5 +1,24 @@
 # Changelog
 
+## [1.8.0](https://github.com/kuma0128/az2aws/compare/v1.7.0...v1.8.0) (2026-04-27)
+
+
+### Features
+
+* show saved credential usage details ([#206](https://github.com/kuma0128/az2aws/issues/206)) ([04855cf](https://github.com/kuma0128/az2aws/commit/04855cf18e42f84ec2d639c825b0b6233730c3a0))
+
+
+### Bug Fixes
+
+* **login:** retry managed profile reset on Windows lock errors ([#199](https://github.com/kuma0128/az2aws/issues/199)) ([a4ad1c7](https://github.com/kuma0128/az2aws/commit/a4ad1c76d0f193cee16f17319e47449c6b5cba44))
+* **login:** skip non-az2aws profiles in --all-profiles ([#196](https://github.com/kuma0128/az2aws/issues/196)) ([0dc6820](https://github.com/kuma0128/az2aws/commit/0dc6820775ebf03637dda78a899e0e2c16c25561))
+* outdated references in README and docker-launch.sh ([#192](https://github.com/kuma0128/az2aws/issues/192)) ([79421ae](https://github.com/kuma0128/az2aws/commit/79421ae4c6c734cb81b37fde6a457e2b9c0752e8))
+
+
+### Performance Improvements
+
+* switch CI to Corepack and drop manual pnpm store cache ([a27b64c](https://github.com/kuma0128/az2aws/commit/a27b64c4183382a10618a6dfcae0ccf803261894))
+
 ## [1.7.0](https://github.com/kuma0128/az2aws/compare/v1.6.2...v1.7.0) (2026-04-13)
 
 

package/README.md

@@ -5,7 +5,7 @@
 
 # az2aws
 
-Log in to AWS CLI using [Azure Active Directory](https://azure.microsoft.com) SSO. Supports MFA and places temporary credentials in the proper location for AWS CLI and SDKs.
+Log in to AWS CLI using [Microsoft Entra ID](https://learn.microsoft.com/en-us/entra/identity/) SSO. Supports MFA and places temporary credentials in the proper location for AWS CLI and SDKs.
 
 > **💡 Tip:** Let's be honest — typing `az2aws` correctly on the first try is harder than the AWS certification exam. Save your sanity:
 >
@@ -18,6 +18,25 @@ Log in to AWS CLI using [Azure Active Directory](https://azure.microsoft.com) SS
 >
 > Your fingers will thank you. Your keyboard will thank you. Your coworkers will stop hearing you swear.
 
+## Contents
+
+- [Installation](#installation)
+  - [mise (Recommended)](#mise-recommended)
+  - [npm](#npm)
+  - [Docker](#docker)
+  - [Snap](#snap)
+- [Command Options](#command-options)
+- [Usage](#usage)
+  - [Configuration](#configuration)
+  - [Logging In](#logging-in)
+- [Automation](#automation)
+  - [Which profiles `--all-profiles` refreshes](#which-profiles---all-profiles-refreshes)
+- [Getting Your Tenant ID and App ID URI](#getting-your-tenant-id-and-app-id-uri)
+- [How It Works](#how-it-works)
+- [Troubleshooting](#troubleshooting)
+- [Support for Other Authentication Providers](#support-for-other-authentication-providers)
+- [Acknowledgements](#acknowledgements)
+
 ## Installation
 
 ### mise (Recommended)
@@ -50,11 +69,11 @@ Install [Node.js](https://nodejs.org/) v24 or higher, then install az2aws:
 
 #### Linux Notes
 
-You must install [puppeteer dependencies](https://github.com/GoogleChrome/puppeteer/blob/master/docs/troubleshooting.md#chrome-headless-doesnt-launch) first.
+You must install [puppeteer dependencies](https://github.com/puppeteer/puppeteer/blob/main/docs/troubleshooting.md) first.
 
 **Install for all users:**
 
-    sudo npm install -g az2aws --unsafe-perm
+    sudo npm install -g az2aws
     sudo chmod -R go+rx $(npm root -g)
 
 **Install for current user only:**
@@ -79,7 +98,7 @@ under the installed `az2aws` package directory and run it with `node`.
 
 Run az2aws with a volume mounted to your AWS configuration directory:
 
-    docker run --rm -it -v ~/.aws:/root/.aws az2aws/az2aws
+    docker run --rm -it -v ~/.aws:/root/.aws taiseiito1000/az2aws
 
 You can also install the docker-launch.sh script to your PATH:
 
@@ -112,7 +131,7 @@ https://snapcraft.io/az2aws
 | `--no-prompt` | Skip prompts, use defaults |
 | `--enable-chrome-network-service` | Enable Network Service (for 3XX redirects) |
 | `--no-verify-ssl` | Disable AWS SSL verification |
-| `--enable-chrome-seamless-sso` | Enable Azure AD Seamless SSO |
+| `--enable-chrome-seamless-sso` | Enable Microsoft Entra Seamless SSO |
 | `--no-disable-extensions` | Keep browser extensions enabled |
 | `--disable-gpu` | Disable GPU acceleration |
 | `--incognito` | Open the login flow in an incognito browser context |
@@ -180,7 +199,7 @@ Example stdout payload:
 
 You can set defaults via environment variables (use with `--no-prompt`):
 
-- `AZURE_TENANT_ID` / `AZURE_APP_ID_URI` - Azure AD settings
+- `AZURE_TENANT_ID` / `AZURE_APP_ID_URI` - Microsoft Entra ID settings
 - `AZURE_DEFAULT_USERNAME` / `AZURE_DEFAULT_PASSWORD` - Credentials
 - `AZURE_DEFAULT_ROLE_ARN` / `AZURE_DEFAULT_DURATION_HOURS` - AWS role settings
 
@@ -272,9 +291,25 @@ Renew all profiles at once:
 
 Credentials are only refreshed if expiring within 11 minutes - safe to run as a cron job.
 
+### Which profiles `--all-profiles` refreshes
+
+`--all-profiles` iterates every `[default]` / `[profile <name>]` section in
+`~/.aws/config` that has **at least one `azure_*` key** (e.g.
+`azure_tenant_id`, `azure_app_id_uri`, `azure_default_role_arn`). Sections
+without any `azure_*` key — plain AWS profiles, `[sso-session ...]`,
+`[services ...]` — are skipped.
+
+Profiles that intentionally keep `azure_tenant_id` / `azure_app_id_uri` in
+environment variables (`AZURE_TENANT_ID`, `AZURE_APP_ID_URI`) instead of
+the config file are still refreshed, as long as they have some other
+`azure_*` key on disk. If required values are missing even after the
+env-var merge, az2aws fails loudly with
+`Profile '<name>' is not configured properly.` rather than skipping
+silently.
+
 ## Getting Your Tenant ID and App ID URI
 
-Ask your Azure AD admin for these values, or extract them from myapps.microsoft.com:
+Ask your Microsoft Entra ID admin for these values, or extract them from myapps.microsoft.com:
 
 1. Load the myapps.microsoft.com page.
 2. Click the app tile for the login you want.
@@ -288,7 +323,7 @@ Ask your Azure AD admin for these values, or extract them from myapps.microsoft.
 
 ## How It Works
 
-az2aws uses [Puppeteer](https://github.com/GoogleChrome/puppeteer) to automate a Chromium browser for Azure AD login. It parses the SAML response and calls [AWS STS AssumeRoleWithSAML](http://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRoleWithSAML.html) to get temporary credentials.
+az2aws uses [Puppeteer](https://github.com/puppeteer/puppeteer) to automate a Chromium browser for Microsoft Entra ID login. It parses the SAML response and calls [AWS STS AssumeRoleWithSAML](https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRoleWithSAML.html) to get temporary credentials.
 
 ## Troubleshooting
 
@@ -300,7 +335,7 @@ If login fails, try these in order:
 
 ## Support for Other Authentication Providers
 
-This tool only supports Azure AD. Contributions for other SAML providers are welcome - open an issue on GitHub to discuss.
+This tool only supports Microsoft Entra ID. Contributions for other SAML providers are welcome - open an issue on GitHub to discuss.
 
 ## Acknowledgements
 

package/lib/awsConfig.js

@@ -140,6 +140,38 @@ exports.awsConfig = {
         debug(`Received profiles: ${profiles.toString()}`);
         return profiles;
     },
+    async getAz2awsProfileNames() {
+        debug(`Getting az2aws-configured profiles from config.`);
+        const config = (await this._loadAsync("config")) || {};
+        const profiles = [];
+        for (const [sectionName, sectionConfig] of Object.entries(config)) {
+            let profileName;
+            if (sectionName === "default") {
+                profileName = "default";
+            }
+            else if (sectionName.startsWith("profile ")) {
+                profileName = sectionName.substring("profile ".length);
+            }
+            else {
+                debug(`Skipping non-profile section '${sectionName}'`);
+                continue;
+            }
+            // Treat a profile as az2aws-managed if it has at least one azure_* key.
+            // Required values (azure_tenant_id / azure_app_id_uri) may still be
+            // supplied by environment variables at runtime, so don't hard-require
+            // them in the config file.
+            const hasAzureKey = sectionConfig &&
+                typeof sectionConfig === "object" &&
+                Object.keys(sectionConfig).some((key) => key.startsWith("azure_"));
+            if (!hasAzureKey) {
+                debug(`Skipping profile '${profileName}' because it has no az2aws (azure_*) keys`);
+                continue;
+            }
+            profiles.push(profileName);
+        }
+        debug(`Received az2aws profiles: ${profiles.toString()}`);
+        return profiles;
+    },
     async _loadAsync(type) {
         const targetPath = paths_1.paths[type];
         if (!targetPath)

package/lib/login.js

@@ -41,6 +41,11 @@ const getProxyUrl = () => process.env.https_proxy ||
     process.env.HTTPS_PROXY ||
     process.env.http_proxy ||
     process.env.HTTP_PROXY;
+function printCredentialsReadyMessage(profileName, credentials) {
+    console.log();
+    console.log(`Credentials expire at ${credentials.aws_expiration}.`);
+    console.log(`Use them with AWS CLI by passing --profile "${profileName}".`);
+}
 function handleBackgroundPromise(promise, description) {
     void promise.catch((error) => {
         const message = (0, sensitiveOutput_1.formatDebugErrorMessage)(error);
@@ -114,7 +119,7 @@ exports.login = {
         }
     },
     async loginAll(mode, disableSandbox, noPrompt, enableChromeNetworkService, awsNoVerifySsl, enableChromeSeamlessSso, forceRefresh, noDisableExtensions, disableGpu, incognito = false) {
-        const profiles = await awsConfig_1.awsConfig.getAllProfileNames();
+        const profiles = await awsConfig_1.awsConfig.getAz2awsProfileNames();
         for (const profile of profiles) {
             debug(`Check if profile ${profile} is expired or is about to expire`);
             if (!forceRefresh &&
@@ -292,7 +297,12 @@ exports.login = {
                     !paths_1.paths.userDataDir) {
                     debug("Browser launch failed with TargetCloseError. Resetting managed browser profile.");
                     console.warn("Browser profile appears incompatible. Resetting profile data and retrying...");
-                    await promises_2.default.rm(paths_1.paths.chromium, { recursive: true, force: true });
+                    await promises_2.default.rm(paths_1.paths.chromium, {
+                        recursive: true,
+                        force: true,
+                        maxRetries: 5,
+                        retryDelay: 100,
+                    });
                     await promises_2.default.mkdir(paths_1.paths.chromium, { recursive: true });
                     browser = await puppeteer_1.default.launch(launchParams);
                 }
@@ -634,6 +644,7 @@ exports.login = {
         };
         if (writeProfile) {
             await awsConfig_1.awsConfig.setProfileCredentialsAsync(profileName, credentials);
+            printCredentialsReadyMessage(profileName, credentials);
         }
         return credentials;
     },

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "az2aws",
-  "version": "1.7.0",
+  "version": "1.8.0",
   "description": "Use Azure AD SSO to log into the AWS CLI. A modern, actively maintained alternative to aws-azure-login.",
   "main": "lib/index.js",
   "author": {
@@ -37,14 +37,14 @@
   "engines": {
     "node": ">=24.0"
   },
-  "packageManager": "pnpm@10.29.3",
+  "packageManager": "pnpm@10.33.2",
   "pnpm": {
     "onlyBuiltDependencies": [
       "esbuild",
       "puppeteer"
     ],
     "overrides": {
-      "basic-ftp@<5.2.1": "5.2.2",
+      "basic-ftp@<5.3.0": "5.3.0",
       "brace-expansion@<1.1.13": "1.1.13",
       "yauzl@<3.2.1": "3.2.1"
     }

package/pnpm-workspace.yaml

@@ -0,0 +1,5 @@
+packages:
+  - .
+
+managePackageManagerVersions: false
+verifyDepsBeforeRun: false