What?
You are working with multiple clients. Each client manages multiple accounts using their own AWS Identity Center.
How?
This can be done with a combination of aws-sso-util and mise.
First, we generate AWS profiles for all the accounts/roles for both clients.
aws-sso-util configure populate --sso-region <sso-region> -r <default-region> -u https://client1.awsapps.com/start --components "client1",account_name,role_name
aws-sso-util configure populate --sso-region <sso-region> -r <default-region> -u https://client2.awsapps.com/start --components "client2",account_name,role_name
The profile names will be formatted as client1.<account_name>.<role_name> for client 1 and client2.<account_name>.<role_name> for client 2.
Then we generate a directory structure for both clients, depending on the project/accounts relationship. For example, we can create one directory for each account and role:
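# Requires bash (the loop uses a here-string).
for p in $(grep '^\[profile' ~/.aws/config | sed 's/\[profile \(.*\)\]/\1/'); do
  IFS=. read -r c a r <<< "$p"   # split the profile name into client, account, role
  [ -n "$r" ] || continue         # skip profiles that are not client.account.role
  mkdir -p "$c/$a/$r"
  # Write the per-directory environment that mise loads on entering the folder.
  printf '[env]\nAWS_PROFILE = "%s"\nAWS_REGION = "us-east-1"\n' "$p" > "$c/$a/$r/mise.toml"
done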
You can add additional configuration for each profile using environment variables with [env] in mise.toml.
Now, when you navigate to one of the profile folders, you simply log in using aws-sso-util and start using the CLI without specifying any additional options.
# log in to a specific client's Identity Center (here client1)
aws-sso-util login https://client1.awsapps.com/start
# log in to all Identity Center instances found in your AWS config
aws-sso-util login --all
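Because each folder silently selects a profile, a mise.toml that names the wrong profile, or a profile tied to the other client's start URL, sends commands to the wrong client's account. The audit below is an added example, not part of the original post; it assumes the <client>/<account>/<role>/mise.toml layout generated above and start URLs of the form https://<client>.awsapps.com/start, and its sample tree is constructed.

```shell
# Added example (POSIX sh). Function names are hypothetical, not from aws-sso-util or mise.

# Print the sso_start_url of profile $2 in AWS config file $1 (empty if absent).
profile_start_url() {
  awk -v want="[profile $2]" '
    /^\[/ { in_p = ($0 == want) }
    in_p && /^[ \t]*sso_start_url[ \t]*=/ { sub(/^[^=]*=[ \t]*/, ""); print; exit }
  ' "$1"
}

# Audit every mise.toml under root $1 against AWS config $2. Prints one line
# per finding and returns 1 if there was any, 0 otherwise.
audit_profile_tree() {
  root=${1%/}; config=$2; findings=0
  for f in "$root"/*/*/*/mise.toml; do
    [ -f "$f" ] || continue
    rel=${f#"$root"/}; rel=${rel%/mise.toml}      # client/account/role
    client=${rel%%/*}
    expected=$(printf '%s' "$rel" | tr / .)       # client.account.role
    actual=$(sed -n 's/^AWS_PROFILE *= *"\(.*\)"$/\1/p' "$f")
    url=$(profile_start_url "$config" "$actual")
    if [ "$actual" != "$expected" ]; then
      echo "MISMATCH $rel: AWS_PROFILE=$actual"; findings=1
    elif [ "$url" != "https://$client.awsapps.com/start" ]; then
      echo "WRONG_SSO $rel: sso_start_url=${url:-<none>}"; findings=1
    fi
  done
  return "$findings"
}

# Constructed sample (not real accounts): one correct folder, one folder that
# names the other client's profile, one profile with the wrong start URL.
make_sample() {
  s=$(mktemp -d)
  printf '[profile %s]\nsso_start_url = %s\n' \
    client1.dev.Admin https://client1.awsapps.com/start \
    client2.prod.ReadOnly https://client2.awsapps.com/start \
    client2.dev.Admin https://client1.awsapps.com/start > "$s/config"
  for pair in client1/dev/Admin=client1.dev.Admin \
              client1/prod/ReadOnly=client2.prod.ReadOnly \
              client2/dev/Admin=client2.dev.Admin; do
    mkdir -p "$s/tree/${pair%%=*}"
    printf '[env]\nAWS_PROFILE = "%s"\n' "${pair#*=}" > "$s/tree/${pair%%=*}/mise.toml"
  done
  echo "$s"
}

sample=$(make_sample)
audit_profile_tree "$sample/tree" "$sample/config" || echo "fix the findings above"
rm -rf "$sample"
```

To audit a real tree, call audit_profile_tree with the directory that holds the client folders and the path to ~/.aws/config.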