Replace AWS Vault with AWS SSO CLI

Signed-off-by: Jacob Woffenden <jacob.woffenden@digital.justice.gov.uk>

.devcontainer/features/src/aws-tools/devcontainer-feature.json

@@ -15,14 +15,14 @@
       "proposals": ["latest"],
       "default": "latest"
     },
-    "installAwsVault": {
+    "installAwsSsoCli": {
       "type": "boolean",
-      "description": "Install AWS Vault (https://github.com/99designs/aws-vault)",
+      "description": "Install AWS SSO CLI (https://github.com/synfinatic/aws-sso-cli)",
       "default": true
     },
-    "awsVaultVersion": {
+    "awsSsoCliVersion": {
       "type": "string",
-      "description": "AWS Vault version",
+      "description": "AWS SSO CLI version",
       "proposals": ["latest"],
       "default": "latest"
     },

.devcontainer/features/src/aws-tools/install-aws-cli.sh

@@ -26,11 +26,3 @@ rm --force --recursive aws ${ARTEFACT}
 #### Completion
 
 echo "complete -C '/usr/local/bin/aws_completer' aws" > /home/vscode/.dotfiles/aws.sh
-
-### Config
-
-mkdir --parents /home/vscode/.aws
-
-cp  $( dirname $0 )/src/home/vscode/.aws/config /home/vscode/.aws/config
-
-chown --recursive vscode:vscode /home/vscode/.aws

.devcontainer/features/src/aws-tools/install-aws-sso-cli.sh

@@ -0,0 +1,33 @@
+#!/usr/bin/env bash
+
+set -e
+
+source /usr/local/bin/devcontainer-utils
+
+VERSION=${AWSSSOCLIVERSION:-"latest"}
+GITHUB_REPOSITORY="synfinatic/aws-sso-cli"
+
+if [ "${VERSION}" == "latest" ]; then
+  get_github_latest_tag ${GITHUB_REPOSITORY}
+  VERSION="${GITHUB_LATEST_TAG}"
+  VERSION_STRIP_V="${GITHUB_LATEST_TAG_STRIP_V}"
+else
+  VERSION="${VERSION}"
+fi
+
+### Install
+
+curl --location https://github.com/${GITHUB_REPOSITORY}/releases/download/${VERSION}/aws-sso-${VERSION_STRIP_V}-linux-${ARCHITECTURE} \
+  --output /usr/local/bin/aws-sso
+
+chmod +x /usr/local/bin/aws-sso
+
+mkdir --parents /home/vscode/.aws-sso
+
+cp  $( dirname $0 )/src/home/vscode/.aws-sso/config.yaml /home/vscode/.aws-sso/config.yaml
+
+chown --recursive vscode:vscode /home/vscode/.aws-sso
+
+### Config
+
+echo "export AWS_SSO_FILE_PASSWORD=\"aws_sso_123456789\"" > /home/vscode/.dotfiles/aws-sso-cli.sh

.devcontainer/features/src/aws-tools/install.sh

@@ -4,8 +4,8 @@ if [[ "${INSTALLAWSCLI}" == "true" ]]; then
   bash $( dirname $0 )/install-aws-cli.sh
 fi
 
-if [[ "${INSTALLAWSVAULT}" == "true" ]]; then
-  bash $( dirname $0 )/install-aws-vault.sh
+if [[ "${INSTALLAWSSSOCLI}" == "true" ]]; then
+  bash $( dirname $0 )/install-aws-sso-cli.sh
 fi
 
 if [[ "${INSTALLAWSNUKE}" == "true" ]]; then

.devcontainer/features/src/aws-tools/src/home/vscode/.aws-sso/config.yaml

@@ -0,0 +1,13 @@
+SSOConfig:
+  Default:
+    StartUrl: https://moj.awsapps.com/start
+    SSORegion: eu-west-2
+DefaultRegion: eu-west-2
+ConsoleDuration: 720
+CacheRefresh: 168
+UrlAction: print
+LogLevel: error
+HistoryLimit: 10
+HistoryMinutes: 1440
+ProfileFormat: "{{ FirstItem .AccountName (.AccountAlias | nospace) }}:{{ .RoleName }}"
+FullTextSearch: true

.devcontainer/features/test/aws-tools/test.sh

@@ -5,7 +5,7 @@ set -e
 source dev-container-features-test-lib
 
 check "aws-cli version" aws --version
-check "aws-vault version" aws-vault --version
+check "aws-sso version" aws-sso version
 check "aws-nuke version" aws-nuke version
 
 reportResults