Releases: synfinatic/aws-sso-cli
Release list
v2.3.1
Overview
Basically no longer attempt to include 1Password support on Linux because that requires CGO and hence would introduce a number of complexities that I do not want to touch with a 10ft pole. Suggest Linux+1Password users build from source, see docs for more details.
What's Changed
- Don't include 1Password support on Linux w/o CGO by @synfinatic in #1424
Full Changelog: v2.3.0...v2.3.1
v2.3.0
New Features
- Add 1Password SecureStorage backend (
SecureStore: 1password) with service account and desktop
app authentication support #1369 - Add aws-sso [exec|eval] --overwrite-env flag to allow overriding AWS_ env variables #1095
- Add support for /healthcheck endpoint for ECS server #1356
- Add
--default <profile>flag toecs serverandecs docker startto automatically load
a named profile as the default credential slot on startup - Interactive mode now supports selecting by Profile name
- Add support for AWS Dual Stack API endpoints via
AWS_USE_DUALSTACK_ENDPOINT
Bugs
- Preserve final line of config files lacking a trailing newline #1419
- fix FIPS endpoint support
Full Changelog: v2.2.5...v2.3.0
v2.2.5
Overview
Just some bug fixes before v2.3.0 is released.
What's Changed
- Bump golang.org/x/net from 0.54.0 to 0.55.0 by @dependabot[bot] in #1375
- fix: correct 'which to' -> 'wish to' typo in docs/config.md by @Jah-yee in #1377
- fix stale-label config for close inactive by @synfinatic in #1381
- add unit tests for cmd/aws-sso by @synfinatic in #1383
- fix: exit cleanly on SIGINT even when blocked in keyring/D-Bus calls by @synfinatic in #1384
- Add lock/context for JSON SecureStore by @synfinatic in #1385
- add logging for securestore opening by @synfinatic in #1386
- add integration tests / awsmock by @synfinatic in #1387
- add initial cli e2e testing by @synfinatic in #1391
- fix: don't exit non-zero on clean shutdown after SIGINT handler by @nlang in #1388
- hardExitOnSignal now checks the channel's ok value by @synfinatic in #1393
- fix: resolve OIDC and federation endpoints per AWS partition (EU Sovereign Cloud) by @nlang in #1389
- security: Update to Go 1.26.4 by @synfinatic in #1397
- tag dependabot no changelog by @synfinatic in #1407
- Bump github.com/aws/aws-sdk-go-v2 from 1.41.7 to 1.41.12 by @dependabot[bot] in #1408
- bump codecov to v7 by @synfinatic in #1410
- Bump golang.org/x/net from 0.55.0 to 0.56.0 by @dependabot[bot] in #1415
- Split fish auto-complete file into multiple files by @synfinatic in #1416
- Bump github.com/aws/aws-sdk-go-v2 from 1.41.12 to 1.42.0 by @dependabot[bot] in #1412
- release v2.2.5 by @synfinatic in #1418
New Contributors
Full Changelog: v2.2.4...v2.2.5
v2.2.4
Overview
I goofed.
What's Changed
- Really fix WSL/SSH detection for AuthWorkflow by @synfinatic in #1374
Full Changelog: v2.2.3...v2.2.4
v2.2.3
Overview
Bugs
- Fix
$AWS_REGIONnot set byeval/execdespite being documented #1277 - Fix bugs parsing AccountId's with leading zero's on the command line #1366
- Default to
AuthWorkflow: device_codewhen SSH or WSL sessions are detected #1371
What's Changed
- do not support go install by @synfinatic in #1363
- Bump tarides/changelog-check-action from 2 to 3 by @dependabot[bot] in #1365
- Bump DavidAnson/markdownlint-cli2-action from 20 to 23 by @dependabot[bot] in #1364
- Padded zero accounts by @synfinatic in #1367
- Fix set AWS_REGION alongside AWS_DEFAULT_REGION by @gitfool in #1370
- Default to device_code for WSL/SSH sessions by @synfinatic in #1372
- release 2.2.3 by @synfinatic in #1373
Full Changelog: v2.2.2...v2.2.3
v2.2.2
Overview
This change attempts to resolve issues for some users who found AWS SSO API endpoint would not allow all 3 grant types when registering the client. We now only pass in your selected authentication mode (device_code or authorization_code) + refresh_token in RegisterClientInput.GrantTypes.
What's Changed
- update readme by @synfinatic in #1358
- Support device_code or authorization_code, not both by @synfinatic in #1361
Full Changelog: v2.2.1...v2.2.2
v2.2.1
Overview
This is bug fix focused release that addresses some minor issues related to the ECS Server and challenges related to statically defined roles and cache diffs.
What's Changed
- use constant for sso max results/pagnation by @synfinatic in #1348
- stabilize Console tests and improve performance by @synfinatic in #1347
- skip static roles from cache diff report by @synfinatic in #1350
- Improve uri console test by @synfinatic in #1351
- Fix ECS commands by @synfinatic in #1354
- improve ecs docs and add example by @synfinatic in #1355
- release v2.2.1 by @synfinatic in #1357
Full Changelog: v2.2.0...v2.2.1
v2.2.0
Overview
v2.2.0 is a rather significant change and includes a massive refactoring of the back end code and includes a number of key enhancements/bug fixes:
- Adding support for PKCE auth code OIDC workflow (enabled by default)
- Adding support for OIDC refresh tokens (allows staying logged in > 8hrs)
- Adding support for managing the
$AWS_REGIONenvironment variable - Fixing the bug caused by AWS reducing their query limit on number of accounts/roles to 100
This last issue is what caused v2.2.0 to get pushed out today rather than waiting a little longer to I bike shed a few things. Please open any ticket for new issues so they can be incorporated in the next release.
What's Changed
- explain interactive mode by @synfinatic in #1271
- Bump actions/setup-go from 5 to 6 by @dependabot[bot] in #1275
- Bump actions/stale from 9 to 10 by @dependabot[bot] in #1274
- Bump actions/setup-python from 5 to 6 by @dependabot[bot] in #1276
- Bump github.com/stretchr/testify from 1.10.0 to 1.11.1 by @dependabot[bot] in #1265
- Bump github.com/dvsekhvalnov/jose2go from 1.6.0 to 1.7.0 in the go_modules group across 1 directory by @dependabot[bot] in #1295
- bump to go v1.26 by @synfinatic in #1301
- Bump squidfunk/mkdocs-material from 9.6.16 to 9.7.6 by @dependabot[bot] in #1307
- update copyright by @synfinatic in #1310
- Bump golang from 1.23-alpine to 1.26-alpine by @dependabot[bot] in #1302
- Bump github.com/goccy/go-yaml from 1.15.17 to 1.19.2 by @dependabot[bot] in #1186
- Bump github.com/alecthomas/kong from 1.7.0 to 1.12.1 by @dependabot[bot] in #1263
- Bump golangci/golangci-lint-action from 8 to 9 by @dependabot[bot] in #1291
- Bump actions/download-artifact from 5 to 8 by @dependabot[bot] in #1289
- Bump actions/checkout from 5 to 6 by @dependabot[bot] in #1298
- Bump actions/upload-artifact from 4 to 7 by @dependabot[bot] in #1288
- Bump golang.org/x/net from 0.39.0 to 0.54.0 by @dependabot[bot] in #1284
- Bump DavidAnson/markdownlint-cli2-action from 20 to 23 by @dependabot[bot] in #1297
- refactor OIDC code and support PKCE workflow by @synfinatic in #1313
- fix github workflows for forks by @synfinatic in #1314
- fix: bump aws-sdk-go-v2 SDKs for AWS European Sovereign Cloud (EUSC) support by @nlang in #1309
- Fix UniqueCheck to only validate profiles within the requested SSO by @nlang in #1306
- update changelog by @synfinatic in #1315
- move refactor sso and move roles to it's own module by @synfinatic in #1316
- refactor sso/options elements from into internal/ui by @synfinatic in #1317
- splist sso/cache.go into multiple files by @synfinatic in #1318
- Add EU and AWS Parition support to wizard by @synfinatic in #1320
- add SecretService Collection name to config by @synfinatic in #1321
- cache command now prints a diff of roles added/removed by @synfinatic in #1322
- Sso rewrite by @synfinatic in #1323
- Bump github.com/mattn/go-isatty from 0.0.20 to 0.0.22 by @dependabot[bot] in #1331
- Fix device auth post PKCE / refresh tokens by @synfinatic in #1333
- Bump github.com/alecthomas/kong from 1.12.1 to 1.15.0 by @dependabot[bot] in #1332
- Bump github.com/aws/aws-sdk-go-v2 from 1.41.6 to 1.41.7 by @dependabot[bot] in #1330
- Bump crazy-max/ghaction-import-gpg from 6.3.0 to 7.0.0 by @dependabot[bot] in #1325
- Bump docker/login-action from 3 to 4 by @dependabot[bot] in #1326
- Bump docker/build-push-action from 6 to 7 by @dependabot[bot] in #1327
- Bump codecov/codecov-action from 5 to 6 by @dependabot[bot] in #1328
- Bump docker/metadata-action from 5 to 6 by @dependabot[bot] in #1329
- change wizard to prompt for starturl by @synfinatic in #1334
- refactor region lists by @synfinatic in #1335
- Manage AWS_REGION by @synfinatic in #1336
- missing changelog by @synfinatic in #1337
- add changelog check by @synfinatic in #1338
- Generate a friendly warning when auth token expires by @synfinatic in #1339
- fix up wizard docs by @synfinatic in #1341
- Refresh token support by @synfinatic in #1340
- Cap sso ListAccounts and ListAccountRoles MaxResults at 100 - Fixes #1342 by @nhumphreys in #1343
- fix changelog by @synfinatic in #1345
- improve cache diff report by @synfinatic in #1344
- update changelog for v2.2.0 by @synfinatic in #1346
New Contributors
- @nlang made their first contribution in #1309
- @nhumphreys made their first contribution in #1343
Full Changelog: v2.1.0...v2.2.0
v2.1.0
New Features
- Add support for
ansi-osc52copying of URLs into clipboard #1070 --url-actionnow supports auto-completeaws-sso-profileshell helper now supports-S/--ssoflag to specify SSO instance #1264- Detect running in WSL and prompt user for open method #1267
Bug Fixes
- Fix clearing ENV vars under Windows Powershell #1244
- Fix docs around correct naming of
--levelflag #1240 - Fix console command for Via/AssumeRole roles #1205
- Update docker library to fix GO-2025-3829
What's Changed
- replace --log-level with --level in docs by @synfinatic in #1242
- Fix unset env vars for powershell by @gitfool in #1245
- update changelog by @synfinatic in #1246
- Fix console command for Role Chaining by @synfinatic in #1247
- refactor internal/utils into smaller packages by @synfinatic in #1248
- Add support for ANSI OSC52 escape sequence by @synfinatic in #1249
- Add auto-complete support for --url-action by @synfinatic in #1250
- Bump github.com/docker/docker from 27.2.1+incompatible to 28.0.0+incompatible in the go_modules group across 1 directory by @dependabot[bot] in #1254
- Bump github.com/docker/docker from 27.2.1+incompatible to 28.1.1+incompatible by @dependabot[bot] in #1194
- Bump crazy-max/ghaction-import-gpg from 6.2.0 to 6.3.0 by @dependabot[bot] in #1187
- Bump actions/checkout from 4 to 5 by @dependabot[bot] in #1253
- Bump actions/download-artifact from 4 to 5 by @dependabot[bot] in #1252
- Bump squidfunk/mkdocs-material from 9.6.5 to 9.6.16 by @dependabot[bot] in #1243
- Bump golang.org/x/term from 0.31.0 to 0.34.0 by @dependabot[bot] in #1251
- Update bug report template for config file path by @synfinatic in #1266
- [Feature] Add support for specifying SSO instance via
-S/--ssoflag foraws-sso-profileby @l2D in #1264 - detect running on WSL2 for Wizard by @synfinatic in #1269
- prep changes for v2.1.0 by @synfinatic in #1257
- fix release date for 2.1.0 by @synfinatic in #1270
New Contributors
Full Changelog: v2.0.3...v2.1.0
v2.0.3
Fixes a regression where AuthUrlAction configuration option was not being honored.
What's Changed
- make changelog pass lintcheck by @synfinatic in #1227
- enable markdownlint by @synfinatic in #1229
- Fix AuthUrlAction by @synfinatic in #1231
Full Changelog: v2.0.2...v2.0.3