npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

aws-sso-device-auth-provider

v0.0.3

Published

This package provides a simple way to get credentials for AWS services using the AWS SSO device authorization grant flow. This is useful for CLI tools that need to access AWS services on behalf of a user.

Downloads

20

Readme

AWS SSO Device Authorization Grant Provider

This package provides a simple way to get credentials for AWS services using the AWS SSO device authorization grant flow. This is useful for CLI tools that need to access AWS services on behalf of a user.

If you've ever used aws sso login to get credentials for the AWS CLI, this package does the same thing, but doesn't require the AWS CLI to be installed and can be configured programmatically.

Thanks to this fantastic blog post by Alex Berger for the explanation of how AWS SSO device authorization grants work.

Installation

Yarn: yarn add aws-sso-device-auth-provider

Npm: npm install aws-sso-device-auth-provider

Requirements

  • The user intending to execute the AWS SSO Device Authorization flow must have an AWS SSO account with access to one or more AWS accounts.
  • The user must also have a browser available to complete the device authorization flow. They will be prompted to visit a URL.

That's it. No AWS CLI or other tools are required.

Usage

There is a convenience function to avoid needing to instantiate an instance of the AwsSsoDeviceAuthProvider class if you only need to get credentials once and you already know the role you want to assume:

import { AwsSsoDeviceAuthProvider } from 'aws-sso-device-auth-provider'
import { S3Client, ListBucketsCommand } from "@aws-sdk/client-s3"

const s3Client = new S3Client({
  region: 'eu-west-1',
  credentials: await AwsSsoDeviceAuthProvider.getAwsCredentialIdentityProviderForRole({
    startUrl: 'https://echobox.awsapps.com/start',
    accountId: '060610571733',
    roleName: 'AWSReadOnlyAccess'
  })
})

console.log(await s3Client.send(new ListBucketsCommand({})))

Alternatively, you can instantiate the AwsSsoDeviceAuthProvider class and use it to get information about the user's AWS accounts and roles:

import { AwsSsoDeviceAuthProvider } from 'aws-sso-device-auth-provider'
import { S3Client, ListBucketsCommand } from "@aws-sdk/client-s3"

const provider = new AwsSsoDeviceAuthProvider({
  startUrl: 'https://echobox.awsapps.com/start'
})

// Optional filters - with support for globs
const accounts = await provider.getAccounts({accountName: 'staging-*'})
const rolesForFirstAccount = await provider.getRolesForAccount({accountId: accounts[0].accountId, roleName: '*ReadOnly*'})

const credentials = await provider.getAwsCredentialIdentityProviderForRole({
  accountId: accounts[0].accountId,
  roleName: rolesForFirstAccount[0].roleName
})

// It caches the credentials based on the expiry time in the response,
//  so this following call would return the same credentials
const s3Client = new S3Client({
  region: 'eu-west-1',
  credentials: provider.getAwsCredentialIdentityProviderForRole({
    accountId: '060610571733',
    roleName: 'AWSReadOnlyAccess'
  })
})

API Docs

See ./docs.