How to Setup SSO and aws-vault

SSO is used for Programatic access and to login to AWS console.

1. Open URL for SSO [https://domain.awsapps.com/start].

2. Use your SSO [username] and [password] to sign in.

3. Click on Management console to open AWS console or click on Command line or programmatic access for programmatic access.
   
   

   Open

   

    

4. After clicking on Command line or programmatic access use temporary keys by clicking on Click to copy these commands and paste the credentials in terminal.

   Open

   

    

Another option is to use aws-vault with SSO.

1. Install aws-vault.

2. vim .aws/config

3. Paste the SSO config in the file:

   [profile example-dev] sso_start_url=https://example.awsapps.com/start sso_region=us-west-1 sso_account_id=987654321 sso_role_name=AdministratorAccess region=us-west-1

4. Use aws-vault exec command to exec to AWS account. For example, to exec to example-dev use aws-vault exec example-dev . This command redirects to web and waits for you to login to SSO and allow the request.

   Open

   

After both options you will be able to exec to EKS cluster.

1. aws eks update-kubeconfig --name [cluster-name] --region [region-name]

2. Use this command to get all pods from all namespaces:
   kubectl get pods -A

3. Use this command to exec to one of pods:
   kubectl exec -it pod/[pod-name] /bin/bash