From aa529ca4de7bd2e63a9f6891a23575cfbb2f37be Mon Sep 17 00:00:00 2001
From: Adar Nimrod <nimrod@shore.co.il>
Date: Wed, 18 Dec 2024 20:33:32 +0200
Subject: [PATCH] Add SchooLinks AWS SSO.

---
 .aws/config         |  6 ------
 .aws/config.j2      | 14 ++++++++++++++
 .aws/credentials.j2 |  4 ----
 3 files changed, 14 insertions(+), 10 deletions(-)
 delete mode 100644 .aws/config
 create mode 100644 .aws/config.j2

diff --git a/.aws/config b/.aws/config
deleted file mode 100644
index 3915c0c..0000000
--- a/.aws/config
+++ /dev/null
@@ -1,6 +0,0 @@
-# vim: ft=cfg
-[profile shore]
-region = us-east-1
-
-[profile schoolinks]
-region = us-east-1
diff --git a/.aws/config.j2 b/.aws/config.j2
new file mode 100644
index 0000000..6291cc6
--- /dev/null
+++ b/.aws/config.j2
@@ -0,0 +1,14 @@
+# vim: ft=cfg
+[profile shore]
+region = us-east-1
+
+[profile schoolinks]
+region = us-east-1
+sso_session = schoolinks
+sso_account_id = {{ run(["ph", "show", "--field", "Account ID", "SchooLinks/AWS SSO"])["stdout"] }}
+sso_role_name = AdministratorAccess
+
+[sso-session schoolinks]
+sso_start_url = https://schoolinks-sso.awsapps.com/start
+sso_region = us-east-1
+sso_registration_scopes = sso:account:access
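Review bot: The new `schoolinks` profile pins `sso_role_name = AdministratorAccess`, so every command run under this profile has full administrative rights in the account for as long as the SSO session is valid. If a narrower permission set is assigned to this user, consider making it the default and moving the admin role to a separately named profile, e.g. `[profile schoolinks-admin]` with `sso_role_name = AdministratorAccess`, so elevated access is an explicit choice per command. The `sso_account_id` line is rendered from `ph show` output, and this patch does not show whether `run()` strips a trailing newline or raises on failure, so confirm that a locked or missing password-store entry aborts rendering instead of writing an empty account ID. The commit also removes the static `schoolinks` access key from `credentials.j2`; the key itself still needs to be deactivated in IAM, which the patch cannot show.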
diff --git a/.aws/credentials.j2 b/.aws/credentials.j2
index f92f47f..c5ce38b 100644
--- a/.aws/credentials.j2
+++ b/.aws/credentials.j2
@@ -2,7 +2,3 @@
 [shore]
 aws_access_key_id = {{ run(["ph", "show", "--field", "UserName", "shore.co.il/AWS CLI"])["stdout"] }}
 aws_secret_access_key = {{ run(["ph", "show", "--field", "Password", "shore.co.il/AWS CLI"])["stdout"] }}
-
-[schoolinks]
-aws_access_key_id = {{ run(["ph", "show", "--field", "UserName", "SchooLinks/AWS access key"])["stdout"] }}
-aws_secret_access_key = {{ run(["ph", "show", "--field", "Password", "SchooLinks/AWS access key"])["stdout"] }}
-- 
GitLab