Prashant Gupta

AWS SSO Account Credentials Extractor

Automates AWS SSO authentication and extracts account credentials for multiple accounts and roles.

Prerequisites

  • Python 3.13+
  • boto3 library
  • AWS SSO configured

Installation

pip install boto3

Configuration

Update the following variables in function.py:

  • REGION: Your Identity Center region
  • START_URL: Your SSO start URL
  • project_name: Your project name

Usage

python function.py

  1. The script displays a login URL
  2. Complete authentication in the browser
  3. Account credentials are saved to account_details.json

Output Format

[
    {
        "cloudName": "AWS",
        "regionName": "us-east-1",
        "projectName": "MyProject",
        "accountId": "999999999999",
        "accountName": "Production",
        "accountKeys": {
            "profile_name": "",
            "role_arn": "",
            "access_key": "AKIA...",
            "secret_access_key": "...",
            "key_session_token": "..."
        }
    }
]

Functions

  • register_sso_client() - Register SSO client
  • authorize_device() - Start device authorization
  • get_access_token() - Poll for access token
  • get_accounts_and_credentials() - Extract account credentials
  • save_to_json() - Save to JSON file
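
account_details.json holds session credentials for every account and role the script extracted, so the file should be readable only by the user who ran it. The following is an added example, not code from the project's function.py: it writes the output format shown above with mode 0600, audits an existing file, and masks secrets before logging. The function names, the SAMPLE record and POSIX file permissions are assumptions.

```python
import json
import os
import stat
import tempfile

SECRET_FIELDS = ("access_key", "secret_access_key", "key_session_token")
# Constructed sample in the page's output format (placeholder values, not real keys)
SAMPLE = [{"accountId": "999999999999", "accountName": "Production",
           "accountKeys": {"profile_name": "", "role_arn": "", "access_key": "EXAMPLE-KEY-ID",
                           "secret_access_key": "example-secret", "key_session_token": "example-token"}}]

def write_private_json(records, path="account_details.json"):
    """Hypothetical helper: write records so only the current user can read them."""
    directory = os.path.dirname(os.path.abspath(path))
    # mkstemp creates the file with mode 0600, so the secrets are never group/world-readable
    fd, tmp = tempfile.mkstemp(dir=directory, prefix=".acct-", suffix=".tmp")
    try:
        with os.fdopen(fd, "w") as fh:
            json.dump(records, fh, indent=4)
        os.replace(tmp, path)  # atomic swap; also replaces an older, looser-moded file
    except BaseException:
        os.unlink(tmp)  # do not leave a partial credentials file behind
        raise
    return path

def audit_credentials_file(path="account_details.json"):
    """Hypothetical helper: return a list of findings for an existing credentials file."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"mode {mode:04o} lets group/other access the file")
    with open(path) as fh:
        records = json.load(fh)
    for rec in records:
        keys = rec.get("accountKeys", {})
        empty = [f for f in SECRET_FIELDS if not keys.get(f)]
        if empty:  # incomplete record: not a usable set of session credentials
            findings.append(f"{rec.get('accountId')}: empty {', '.join(empty)}")
    return findings

def redacted(records):
    """Hypothetical helper: copy of records safe for logs, with secret fields masked."""
    out = []
    for rec in records:
        keys = {k: ("***" if k in SECRET_FIELDS and v else v)
                for k, v in rec.get("accountKeys", {}).items()}
        out.append({**rec, "accountKeys": keys})
    return out
```

Delete the file once the credentials have been imported wherever they are needed, and keep it out of version control.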

GitHub Link

https://github.com/prashantgupta123/devops-automation/tree/main/aws-iam-identity-accounts-sso