`console` command doesn't logout from aws account before logging in
When using saml2aws console with multiple accounts, the accounts don't automatically log out.
Would it be possible to log out any active sessions and then sign in?
I'm finding it a chore to have to click that "logout" link and then initiate the command again from the cli.
I used to use aws-vault and the same problem exists on that tool too. Some users have posted various workarounds, so there is hope for us. (For context: https://github.com/99designs/aws-vault/issues/721)
Further info (in case anyone is also interested): the logout function isn't respecting the redirect_uri function. It will always bring up the https://aws.amazon.com/console/ page once it's logged out, so it's pretty impossible to get a clean logout-to-login process working. The messy way is to just do the logout and get saml2aws to open a new page:
Example (not working):
```bash
open -a "Google Chrome.app" "https://signin.aws.amazon.com/oauth?Action=logout&redirect_uri=$(saml2aws -a "${PROFILE}" console --link)"
```
Example (working):
```bash
open -a "Google Chrome.app" "https://signin.aws.amazon.com/oauth?Action=logout"
saml2aws -a "${PROFILE}" console
```
Oh boy, what a rabbit hole... this guy found the working URL - it only works in us-east-1: https://serverfault.com/questions/985255/is-it-possible-to-switch-between-aws-accounts-without-signing-out-first#comment1460111_1097528
Working script:
```bash
#!/usr/bin/env bash
PROFILE=${1:-default}
chrome="Google Chrome Dev.app"
# this URL works with the redirect_uri
SIGNIN="https://us-east-1.signin.aws.amazon.com/oauth?Action=logout&redirect_uri=https%3A%2F%2Fus-east-1.signin.aws.amazon.com%2Ffederation%3FAction%3Dlogin%26Destination%3Dhttps%253A%252F%252Fus-west-2.console.aws.amazon.com%252Fconsole%252Fhome%26SigninToken"
# this extracts the TOKEN from the saml2aws link (5th '='-separated field)
TOKEN=$(saml2aws -a "${PROFILE}" console --link | cut -d'=' -f5)
# open works on Mac
open -a "${chrome}" "${SIGNIN}=${TOKEN}"
```
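
Added example, not part of the original thread or of saml2aws: the same logout-then-login URL built layer by layer, which shows why the `Destination` ends up double-encoded (`%253A`) and reads `SigninToken` by name instead of by field position. The function names, the destination-region argument and the token character check are assumptions made for this sketch.

```shell
#!/bin/sh
# Percent-encode everything except RFC 3986 unreserved characters (ASCII input).
urlencode() {
    s=$1 out=
    while [ -n "$s" ]; do
        rest=${s#?}          # string without its first character
        c=${s%"$rest"}       # the first character itself
        case $c in
            [A-Za-z0-9._~-]) out=$out$c ;;
            *) out=$out$(printf '%%%02X' "'$c") ;;
        esac
        s=$rest
    done
    printf '%s' "$out"
}

# Pull the SigninToken parameter out of a federation login link by name,
# so extra '=' characters elsewhere in the link cannot shift the result.
signin_token() {
    printf '%s\n' "$1" | sed -n 's/.*[?&]SigninToken=\([^&]*\).*/\1/p'
}

# Build the us-east-1 logout URL whose redirect_uri is a federation login.
# $1 = output of `saml2aws console --link`, $2 = console region (assumed arg).
logout_login_url() {
    link=$1 region=${2:-us-west-2}
    token=$(signin_token "$link")
    # Assumption: a usable token is non-empty and made of URL-safe characters.
    case $token in
        ''|*[!A-Za-z0-9%._~-]*) echo "no usable SigninToken in link" >&2; return 1 ;;
    esac
    case $region in
        ''|*[!a-z0-9-]*) echo "unexpected region: $region" >&2; return 1 ;;
    esac
    dest="https://${region}.console.aws.amazon.com/console/home"
    # Layer 1: Destination is encoded once as a parameter of the login URL.
    login="https://us-east-1.signin.aws.amazon.com/federation?Action=login&Destination=$(urlencode "$dest")&SigninToken"
    # Layer 2: the login URL is encoded again as the redirect_uri value.
    printf '%s=%s\n' \
        "https://us-east-1.signin.aws.amazon.com/oauth?Action=logout&redirect_uri=$(urlencode "$login")" \
        "$(urlencode "$token")"
}

# Usage on macOS, with PROFILE set as in the script above:
#   open -a "Google Chrome.app" "$(logout_login_url "$(saml2aws -a "$PROFILE" console --link)")"
```

The resulting URL carries the sign-in token in its query string, so it lands in shell history and browser history like the original `--link` output does.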