The easiest way to access your cloud.
This release brings a few minor bug fixes and support for Just-In-Time (JIT) access using Common Fate. For more information on JIT access, check out the JIT recipe in our documentation. A big thank you to @Nepoxx for making their first contribution in this release!
Full Changelog: https://github.com/common-fate/granted/compare/v0.22.0...v0.23.0
IAM federated logins now have an attributable username in CloudTrail.
Full Changelog: https://github.com/common-fate/granted/compare/v0.21.1...v0.22.0
Full Changelog: https://github.com/common-fate/granted/compare/v0.21.0...v0.21.1
You can now add granted_sso_registration_scopes = sso:account:access to your ~/.aws/config, which will cause Granted to respect the session duration in IAM Identity Center. That duration can be extended so that you are prompted less frequently. Supplying the sso:account:access scope will cause IAM Identity Center to return a refreshable access token, with a total allowed session time in accordance with your configured AWS SSO session length.
granted credentials rotate) by @n3s7or in https://github.com/common-fate/granted/pull/582
Full Changelog: https://github.com/common-fate/granted/compare/v0.20.7...v0.21.0
invalid_grant error
We have added better error handling for the OAuth2 invalid_grant error. Now, whenever this error is encountered, Granted automatically clears the cached token and prints a message like:
[i] It looks like the above error was caused by an invalid authentication token. We have cleared the token from your keychain. To re-run the command, you'll need to authenticate again by running: 'granted login https://d3h0e9z8klkkkk.cloudfront.net/'
Full Changelog: https://github.com/common-fate/granted/compare/v0.20.6...v0.20.7
The output from assumego when --exec is provided now returns the arguments with proper escaping/splitting to ensure they are evaluated correctly when passed to sh -c in the assume script.
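The quoting problem this fix addresses, shown as an added example that is not Granted's own code: each argument is single-quoted for POSIX sh so that the string handed to sh -c splits back into exactly the original arguments. The function names quote_arg, join_quoted and run_via_sh are hypothetical.

```shell
#!/bin/sh
# Added illustration of argument escaping for `sh -c`; not Granted's implementation.
# All function names here are hypothetical.

# quote_arg: wrap one argument in single quotes, rewriting each embedded
# single quote as '\'' so the shell reads it back as a literal character.
quote_arg() {
    # The trailing "." sentinel keeps $(...) from stripping trailing newlines.
    q=$(printf '%s.' "$1" | sed "s/'/'\\\\''/g")
    printf "'%s'" "${q%.}"
}

# join_quoted: build a single command string from an argument vector.
join_quoted() {
    out=
    for a in "$@"; do
        out="${out:+$out }$(quote_arg "$a")"
    done
    printf '%s' "$out"
}

# run_via_sh: evaluate the joined string the way a wrapper script would.
# Spaces, $, ; and quotes inside arguments stay data instead of shell syntax.
run_via_sh() {
    sh -c "$(join_quoted "$@")"
}

# Constructed sample input: four arguments containing shell metacharacters.
run_via_sh printf '[%s]\n' 'two words' '$HOME' 'semi;colon' "it's"
```

Without the quoting step, the same arguments concatenated with spaces would be re-split by sh -c, and `$HOME` and `;` would be interpreted by the shell.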
Full Changelog: https://github.com/common-fate/granted/compare/v0.20.5...v0.20.6
Full Changelog: https://github.com/common-fate/granted/compare/v0.20.4...v0.20.5
--exec
--exec now uses the shell script to execute commands instead of Go; this enables TTY applications to work as expected.
--export-sso-token Flag
@cedieio has introduced the --export-sso-token flag, which exports the SSO token to ~/.aws/sso/cache. The ExportSSOToken configuration automatically exports the SSO token by default.
The command field in your ~/.kube/config needs to be changed from assumego to assume. See the documentation for details.
Full Changelog: https://github.com/common-fate/granted/compare/v0.20.3...v0.20.4
Run granted sso-tokens expiry --json to print the SSO token expiry in JSON. Additionally, you can use jq to filter and display only the expired tokens in JSON format: granted sso-tokens expiry --json | jq -r '[.[] | select(.is_expired == true)]'
Full Changelog: https://github.com/common-fate/granted/compare/v0.20.2...v0.20.3
Downgrades the AWS config package and its ini dependency due to a performance regression that caused loading of large config files to hang.
Full Changelog: https://github.com/common-fate/granted/compare/v0.20.1...v0.20.2