az2aws 1.7.0 → 1.8.1
- package/CHANGELOG.md +26 -0
- package/README.md +44 -9
- package/lib/awsConfig.js +32 -0
- package/lib/login.js +13 -2
- package/lib/updateNotifier.js +1 -1
- package/package.json +3 -3
- package/pnpm-workspace.yaml +5 -0
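--- a/package/CHANGELOG.md
+++ b/package/CHANGELOG.md
@@ -1,5 +1,31 @@
 # Changelog
 
+## [1.8.1](https://github.com/kuma0128/az2aws/compare/v1.8.0...v1.8.1) (2026-05-07)
+
+
+### Bug Fixes
+
+* **update-notifier:** shorten cache TTL to 6 hours ([#207](https://github.com/kuma0128/az2aws/issues/207)) ([4112845](https://github.com/kuma0128/az2aws/commit/411284573c6609832ec63914f7cfc2ff44eb2340))
+
+## [1.8.0](https://github.com/kuma0128/az2aws/compare/v1.7.0...v1.8.0) (2026-04-27)
+
+
+### Features
+
+* show saved credential usage details ([#206](https://github.com/kuma0128/az2aws/issues/206)) ([04855cf](https://github.com/kuma0128/az2aws/commit/04855cf18e42f84ec2d639c825b0b6233730c3a0))
+
+
+### Bug Fixes
+
+* **login:** retry managed profile reset on Windows lock errors ([#199](https://github.com/kuma0128/az2aws/issues/199)) ([a4ad1c7](https://github.com/kuma0128/az2aws/commit/a4ad1c76d0f193cee16f17319e47449c6b5cba44))
+* **login:** skip non-az2aws profiles in --all-profiles ([#196](https://github.com/kuma0128/az2aws/issues/196)) ([0dc6820](https://github.com/kuma0128/az2aws/commit/0dc6820775ebf03637dda78a899e0e2c16c25561))
+* outdated references in README and docker-launch.sh ([#192](https://github.com/kuma0128/az2aws/issues/192)) ([79421ae](https://github.com/kuma0128/az2aws/commit/79421ae4c6c734cb81b37fde6a457e2b9c0752e8))
+
+
+### Performance Improvements
+
+* switch CI to Corepack and drop manual pnpm store cache ([a27b64c](https://github.com/kuma0128/az2aws/commit/a27b64c4183382a10618a6dfcae0ccf803261894))
+
 ## [1.7.0](https://github.com/kuma0128/az2aws/compare/v1.6.2...v1.7.0) (2026-04-13)
 
 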
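--- a/package/README.md
+++ b/package/README.md
@@ -5,7 +5,7 @@
 
 # az2aws
 
-Log in to AWS CLI using [
+Log in to AWS CLI using [Microsoft Entra ID](https://learn.microsoft.com/en-us/entra/identity/) SSO. Supports MFA and places temporary credentials in the proper location for AWS CLI and SDKs.
 
 > **💡 Tip:** Let's be honest — typing `az2aws` correctly on the first try is harder than the AWS certification exam. Save your sanity:
 >
@@ -18,6 +18,25 @@ Log in to AWS CLI using [Azure Active Directory](https://azure.microsoft.com) SS
 >
 > Your fingers will thank you. Your keyboard will thank you. Your coworkers will stop hearing you swear.
 
+## Contents
+
+- [Installation](#installation)
+- [mise (Recommended)](#mise-recommended)
+- [npm](#npm)
+- [Docker](#docker)
+- [Snap](#snap)
+- [Command Options](#command-options)
+- [Usage](#usage)
+- [Configuration](#configuration)
+- [Logging In](#logging-in)
+- [Automation](#automation)
+- [Which profiles `--all-profiles` refreshes](#which-profiles---all-profiles-refreshes)
+- [Getting Your Tenant ID and App ID URI](#getting-your-tenant-id-and-app-id-uri)
+- [How It Works](#how-it-works)
+- [Troubleshooting](#troubleshooting)
+- [Support for Other Authentication Providers](#support-for-other-authentication-providers)
+- [Acknowledgements](#acknowledgements)
+
 ## Installation
 
 ### mise (Recommended)
@@ -50,11 +69,11 @@ Install [Node.js](https://nodejs.org/) v24 or higher, then install az2aws:
 
 #### Linux Notes
 
-You must install [puppeteer dependencies](https://github.com/
+You must install [puppeteer dependencies](https://github.com/puppeteer/puppeteer/blob/main/docs/troubleshooting.md) first.
 
 **Install for all users:**
 
-sudo npm install -g az2aws
+sudo npm install -g az2aws
 sudo chmod -R go+rx $(npm root -g)
 
 **Install for current user only:**
@@ -79,7 +98,7 @@ under the installed `az2aws` package directory and run it with `node`.
 
 Run az2aws with a volume mounted to your AWS configuration directory:
 
-docker run --rm -it -v ~/.aws:/root/.aws
+docker run --rm -it -v ~/.aws:/root/.aws taiseiito1000/az2aws
 
 You can also install the docker-launch.sh script to your PATH:
 
@@ -112,7 +131,7 @@ https://snapcraft.io/az2aws
 | `--no-prompt` | Skip prompts, use defaults |
 | `--enable-chrome-network-service` | Enable Network Service (for 3XX redirects) |
 | `--no-verify-ssl` | Disable AWS SSL verification |
-| `--enable-chrome-seamless-sso` | Enable
+| `--enable-chrome-seamless-sso` | Enable Microsoft Entra Seamless SSO |
 | `--no-disable-extensions` | Keep browser extensions enabled |
 | `--disable-gpu` | Disable GPU acceleration |
 | `--incognito` | Open the login flow in an incognito browser context |
@@ -180,7 +199,7 @@ Example stdout payload:
 
 You can set defaults via environment variables (use with `--no-prompt`):
 
-- `AZURE_TENANT_ID` / `AZURE_APP_ID_URI` -
+- `AZURE_TENANT_ID` / `AZURE_APP_ID_URI` - Microsoft Entra ID settings
 - `AZURE_DEFAULT_USERNAME` / `AZURE_DEFAULT_PASSWORD` - Credentials
 - `AZURE_DEFAULT_ROLE_ARN` / `AZURE_DEFAULT_DURATION_HOURS` - AWS role settings
 
@@ -272,9 +291,25 @@ Renew all profiles at once:
 
 Credentials are only refreshed if expiring within 11 minutes - safe to run as a cron job.
 
+### Which profiles `--all-profiles` refreshes
+
+`--all-profiles` iterates every `[default]` / `[profile <name>]` section in
+`~/.aws/config` that has **at least one `azure_*` key** (e.g.
+`azure_tenant_id`, `azure_app_id_uri`, `azure_default_role_arn`). Sections
+without any `azure_*` key — plain AWS profiles, `[sso-session ...]`,
+`[services ...]` — are skipped.
+
+Profiles that intentionally keep `azure_tenant_id` / `azure_app_id_uri` in
+environment variables (`AZURE_TENANT_ID`, `AZURE_APP_ID_URI`) instead of
+the config file are still refreshed, as long as they have some other
+`azure_*` key on disk. If required values are missing even after the
+env-var merge, az2aws fails loudly with
+`Profile '<name>' is not configured properly.` rather than skipping
+silently.
+
 ## Getting Your Tenant ID and App ID URI
 
-Ask your
+Ask your Microsoft Entra ID admin for these values, or extract them from myapps.microsoft.com:
 
 1. Load the myapps.microsoft.com page.
 2. Click the app tile for the login you want.
@@ -288,7 +323,7 @@ Ask your Azure AD admin for these values, or extract them from myapps.microsoft.
 
 ## How It Works
 
-az2aws uses [Puppeteer](https://github.com/
+az2aws uses [Puppeteer](https://github.com/puppeteer/puppeteer) to automate a Chromium browser for Microsoft Entra ID login. It parses the SAML response and calls [AWS STS AssumeRoleWithSAML](https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRoleWithSAML.html) to get temporary credentials.
 
 ## Troubleshooting
 
@@ -300,7 +335,7 @@ If login fails, try these in order:
 
 ## Support for Other Authentication Providers
 
-This tool only supports
+This tool only supports Microsoft Entra ID. Contributions for other SAML providers are welcome - open an issue on GitHub to discuss.
 
 ## Acknowledgements
 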
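--- a/package/lib/awsConfig.js
+++ b/package/lib/awsConfig.js
@@ -140,6 +140,38 @@ exports.awsConfig = {
 debug(`Received profiles: ${profiles.toString()}`);
 return profiles;
 },
+async getAz2awsProfileNames() {
+debug(`Getting az2aws-configured profiles from config.`);
+const config = (await this._loadAsync("config")) || {};
+const profiles = [];
+for (const [sectionName, sectionConfig] of Object.entries(config)) {
+let profileName;
+if (sectionName === "default") {
+profileName = "default";
+}
+else if (sectionName.startsWith("profile ")) {
+profileName = sectionName.substring("profile ".length);
+}
+else {
+debug(`Skipping non-profile section '${sectionName}'`);
+continue;
+}
+// Treat a profile as az2aws-managed if it has at least one azure_* key.
+// Required values (azure_tenant_id / azure_app_id_uri) may still be
+// supplied by environment variables at runtime, so don't hard-require
+// them in the config file.
+const hasAzureKey = sectionConfig &&
+typeof sectionConfig === "object" &&
+Object.keys(sectionConfig).some((key) => key.startsWith("azure_"));
+if (!hasAzureKey) {
+debug(`Skipping profile '${profileName}' because it has no az2aws (azure_*) keys`);
+continue;
+}
+profiles.push(profileName);
+}
+debug(`Received az2aws profiles: ${profiles.toString()}`);
+return profiles;
+},
 async _loadAsync(type) {
 const targetPath = paths_1.paths[type];
 if (!targetPath)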
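Review bot: In `getAz2awsProfileNames`, the `profile ` branch uses `sectionName.substring("profile ".length)` as the profile name without trimming it or rejecting an empty result, so a hand-edited header with extra spaces would put a padded or empty name into the list that `loginAll` iterates. Unless the config loader already normalises section names (not visible here), consider `profileName = sectionName.substring("profile ".length).trim();` followed by `if (!profileName) continue;`. The `hasAzureKey` test also counts an `azure_*` key whose value is empty; if that is intended because environment variables can supply the value, the comment above it should say so.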
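--- a/package/lib/login.js
+++ b/package/lib/login.js
@@ -41,6 +41,11 @@ const getProxyUrl = () => process.env.https_proxy ||
 process.env.HTTPS_PROXY ||
 process.env.http_proxy ||
 process.env.HTTP_PROXY;
+function printCredentialsReadyMessage(profileName, credentials) {
+console.log();
+console.log(`Credentials expire at ${credentials.aws_expiration}.`);
+console.log(`Use them with AWS CLI by passing --profile "${profileName}".`);
+}
 function handleBackgroundPromise(promise, description) {
 void promise.catch((error) => {
 const message = (0, sensitiveOutput_1.formatDebugErrorMessage)(error);
@@ -114,7 +119,7 @@ exports.login = {
 }
 },
 async loginAll(mode, disableSandbox, noPrompt, enableChromeNetworkService, awsNoVerifySsl, enableChromeSeamlessSso, forceRefresh, noDisableExtensions, disableGpu, incognito = false) {
-const profiles = await awsConfig_1.awsConfig.
+const profiles = await awsConfig_1.awsConfig.getAz2awsProfileNames();
 for (const profile of profiles) {
 debug(`Check if profile ${profile} is expired or is about to expire`);
 if (!forceRefresh &&
@@ -292,7 +297,12 @@ exports.login = {
 !paths_1.paths.userDataDir) {
 debug("Browser launch failed with TargetCloseError. Resetting managed browser profile.");
 console.warn("Browser profile appears incompatible. Resetting profile data and retrying...");
-await promises_2.default.rm(paths_1.paths.chromium, {
+await promises_2.default.rm(paths_1.paths.chromium, {
+recursive: true,
+force: true,
+maxRetries: 5,
+retryDelay: 100,
+});
 await promises_2.default.mkdir(paths_1.paths.chromium, { recursive: true });
 browser = await puppeteer_1.default.launch(launchParams);
 }
@@ -634,6 +644,7 @@ exports.login = {
 };
 if (writeProfile) {
 await awsConfig_1.awsConfig.setProfileCredentialsAsync(profileName, credentials);
+printCredentialsReadyMessage(profileName, credentials);
 }
 return credentials;
 },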
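Review bot: `printCredentialsReadyMessage` is handed the whole `credentials` object but reads only `aws_expiration`; since that object is the one passed to `setProfileCredentialsAsync` and presumably carries the secret key and session token, pass just the expiry, e.g. `printCredentialsReadyMessage(profileName, credentials.aws_expiration)`, so a later edit to the helper cannot print secrets by accident. The helper writes to stdout with `console.log`; if any caller's stdout is parsed while `writeProfile` is true, `console.error` would keep that stream clean. In the profile-reset hunk, `maxRetries: 5` and `retryDelay: 100` would benefit from a one-line comment giving the reason for the retry (the changelog attributes it to Windows lock errors). The functions around the last three hunks start and end outside the visible lines.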
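--- a/package/lib/updateNotifier.js
+++ b/package/lib/updateNotifier.js
@@ -9,7 +9,7 @@ const fs_1 = __importDefault(require("fs"));
 const path_1 = __importDefault(require("path"));
 const os_1 = __importDefault(require("os"));
 const PACKAGE_NAME = "az2aws";
-const CACHE_TTL_MS = 1000 * 60 * 60 *
+const CACHE_TTL_MS = 1000 * 60 * 60 * 6; // 6 hours
 const FAKE_LATEST_VERSION_ENV = "AZ2AWS_FAKE_LATEST_VERSION";
 const ANSI_YELLOW = "\u001b[33m";
 const ANSI_RESET = "\u001b[0m";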
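--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "az2aws",
-"version": "1.
+"version": "1.8.1",
 "description": "Use Azure AD SSO to log into the AWS CLI. A modern, actively maintained alternative to aws-azure-login.",
 "main": "lib/index.js",
 "author": {
@@ -37,14 +37,14 @@
 "engines": {
 "node": ">=24.0"
 },
-"packageManager": "pnpm@10.
+"packageManager": "pnpm@10.33.2",
 "pnpm": {
 "onlyBuiltDependencies": [
 "esbuild",
 "puppeteer"
 ],
 "overrides": {
-"basic-ftp@<5.
+"basic-ftp@<5.3.0": "5.3.0",
 "brace-expansion@<1.1.13": "1.1.13",
 "yauzl@<3.2.1": "3.2.1"
 }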