C3C/nix-configuration
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
b163b2f9ce
nix-configuration/home-manager/veracode/aws-cli.nix
arnie 7385941c96
Implement okta aws cli
2025-08-21 12:33:12 +02:00

612 lines
16 KiB
Nix
Raw Blame History

{
config,
homedir,
lib,
pkgs,
...
}:
let
accounts = {
eu = {
"905326657474" = {
name = "log-archive";
role = "EngineerAdmin-Veracode-EU-All";
};
"864021117189" = {
name = "security";
role = "EngineerAdmin-Veracode-EU-All";
};
"296441839393" = {
name = "shared-services";
role = "EngineerAdmin-Veracode-EU-All";
};
"714966795542" = {
name = "veracode-eu-devops";
role = "EngineerAdmin-Veracode-EU-All";
};
"359955634867" = {
name = "veracode-eu-master";
role = "EngineerAdmin-Veracode-EU-All";
};
"675053010029" = {
name = "veracode-eu-networking";
role = "EngineerAdmin-Veracode-EU-All";
};
"377019361040" = {
name = "veracode-eu-platform-nonprod";
role = "EngineerAdmin-Veracode-EU-All";
};
"962291324749" = {
name = "veracode-eu-platform-prod";
role = "EngineerAdmin-Veracode-EU-All";
};
"090139405064" = {
name = "veracode-status-eu";
role = "EngineerAdmin-Veracode-EU-All";
};
};
us = {
"339712784947" = {
name = "aws-corp-it-prod";
role = "EngineerAdmin";
};
"077230771307" = {
name = "aws-syseng";
role = "EngineerAdmin";
};
"854207236867" = {
name = "devops";
role = "EngineerAdmin";
};
"419928441445" = {
name = "hunter2";
role = "EngineerAdmin";
};
"201152413784" = {
name = "hunter2-nonprod";
role = "EngineerAdmin";
};
"234742391591" = {
name = "logging";
role = "EngineerAdmin";
};
"373670440571" = {
name = "mars-archive";
role = "EngineerAdmin";
};
"389203956472" = {
name = "mvsa-dev";
role = "EngineerAdmin";
};
"120705294404" = {
name = "networking";
role = "EngineerAdmin";
};
"540592891828" = {
name = "repo-tools-nonprod";
role = "EngineerAdmin";
};
"199128305162" = {
name = "security";
role = "EngineerAdmin";
};
"205744758777" = {
name = "shared-services";
role = "EngineerAdmin";
};
"502262283075" = {
name = "staticengine-ci";
role = "EngineerAdmin";
};
"593005598611" = {
name = "Veracode Marketplace Sales Account";
role = "EngineerAdmin";
};
"544286724460" = {
name = "veracode-api-security-dev";
role = "EngineerAdmin";
};
"426703640137" = {
name = "veracode-cmk-production";
role = "EngineerAdmin";
};
"227890167531" = {
name = "veracode-cmk-staging";
role = "EngineerAdmin";
};
"833309876439" = {
name = "veracode-datalake-nonprod";
role = "EngineerAdmin";
};
"231215122795" = {
name = "veracode-datalake-prod";
role = "EngineerAdmin";
};
"556105087578" = {
name = "veracode-devops-sandbox";
role = "EngineerAdmin";
};
"419934374614" = {
name = "veracode-dynamic-nonprod";
role = "EngineerAdmin";
};
"743424160468" = {
name = "veracode-dynamic-prod";
role = "EngineerAdmin";
};
"026090546337" = {
name = "veracode-extcmk-c01";
role = "EngineerAdmin";
};
"026090544016" = {
name = "veracode-extcmk-dev";
role = "EngineerAdmin";
};
"527791905507" = {
name = "veracode-gov-production";
role = "EngineerAdmin";
};
"241823169104" = {
name = "veracode-gov-security";
role = "EngineerAdmin";
};
"337544356528" = {
name = "veracode-gov-staging";
role = "EngineerAdmin";
};
"125763904786" = {
name = "veracode-l2-support";
role = "EngineerAdmin";
};
"361598275817" = {
name = "veracode-laputa-sandbox";
role = "EngineerAdmin";
};
"165970187232" = {
name = "veracode-lz-data-dr";
role = "EngineerAdmin";
};
"135394645105" = {
name = "veracode-lz-data-nonprod";
role = "EngineerAdmin";
};
"041513053014" = {
name = "veracode-lz-data-prod";
role = "EngineerAdmin";
};
"341176679750" = {
name = "veracode-lz-futureville";
role = "EngineerAdmin";
};
"011479462201" = {
name = "veracode-lz-master";
role = "EngineerAdmin";
};
"900979254221" = {
name = "veracode-lz-static-non-prod";
role = "EngineerAdmin";
};
"867871251596" = {
name = "veracode-lz-static-prod";
role = "EngineerAdmin";
};
"621415697837" = {
name = "veracode-pac-lz-nonproduction";
role = "EngineerAdmin";
};
"677563424528" = {
name = "veracode-pac-lz-production";
role = "EngineerAdmin";
};
"055143528572" = {
name = "veracode-platform-nonprod";
role = "EngineerAdmin";
};
"432322876094" = {
name = "veracode-platform-prod";
role = "EngineerAdmin";
};
"772788280252" = {
name = "veracode-sca-nonprod";
role = "EngineerAdmin";
};
"978530908597" = {
name = "veracode-sca-prod";
role = "EngineerAdmin";
};
"129575015961" = {
name = "veracode-sky-github";
role = "EngineerAdmin";
};
"157122231047" = {
name = "veracode-status";
role = "EngineerAdmin";
};
};
old-world = {
"747166839737" = {
name = "Alternator Prod";
role = "EngineerAdmin";
};
"849762296401" = {
name = "aws-cloudloop";
role = "EngineerAdmin";
};
"555828001259" = {
name = "aws-devops";
role = "EngineerAdmin";
};
"095180515219" = {
name = "aws-disco-dev";
role = "EngineerAdmin";
};
"602400992919" = {
name = "aws-disco-prod";
role = "EngineerAdmin";
};
"671440995558" = {
name = "aws-mpt";
role = "EngineerAdmin";
};
"390809507444" = {
name = "aws-research";
role = "EngineerAdmin";
};
"547681985753" = {
name = "aws-static-dev";
role = "EngineerAdmin";
};
"576836758243" = {
name = "aws-static-prod";
role = "EngineerAdmin";
};
"272739225222" = {
name = "Greenlight Dev";
role = "EngineerAdmin";
};
"187309115203" = {
name = "Greenlight Prod";
role = "EngineerAdmin";
};
"312566581319" = {
name = "mvsa-prod";
role = "EngineerAdmin";
};
"528304698271" = {
name = "ops1";
role = "EngineerAdmin";
};
"178484873978" = {
name = "ops2";
role = "EngineerAdmin";
};
"036935693235" = {
name = "platform-integrations-dev";
role = "EngineerAdmin";
};
"101042440253" = {
name = "platform-integrations-prod";
role = "EngineerAdmin";
};
"769404944768" = {
name = "Veracode GovCloud Parent Staging";
role = "EngineerAdmin";
};
"932961976631" = {
name = "Veracode Laputa";
role = "EngineerAdmin";
};
"706178003760" = {
name = "Veracode Master";
role = "EngineerAdmin";
};
"227458413628" = {
name = "veracode-asc-ilt";
role = "EngineerAdmin";
};
"637659597440" = {
name = "veracode-dataservices-dev";
role = "EngineerAdmin";
};
"360252896736" = {
name = "veracode-dataservices-production";
role = "EngineerAdmin";
};
"634743813634" = {
name = "veracode-elearning-nonprod";
role = "EngineerAdmin";
};
"231131777030" = {
name = "veracode-gov-parent-nonproduction";
role = "EngineerAdmin";
};
"391700338873" = {
name = "veracode-gov-parent-production";
role = "EngineerAdmin";
};
"083679226615" = {
name = "veracode-hackathon";
role = "EngineerAdmin";
};
"228885042232" = {
name = "veracode-info-sec";
role = "EngineerAdmin";
};
"653330403905" = {
name = "veracode-mpt-mffc";
role = "EngineerAdmin";
};
"566201213358" = {
name = "veracode-nonproduction";
role = "EngineerAdmin";
};
"518031149952" = {
name = "veracode-production";
role = "EngineerAdmin";
};
"966752150300" = {
name = "veracode-qaoncloud-nonproduction";
role = "EngineerAdmin";
};
"221433242586" = {
name = "veracode-solutions-architect";
role = "EngineerAdmin";
};
"576647558819" = {
name = "VeraRadio";
role = "EngineerAdmin";
};
};
longbow = {
"520315734741" = {
name = "Audit";
role = "AWS-Engineer-Admin";
};
"853528449373" = {
name = "demo";
role = "AWS-Engineer-Admin";
};
"058887878640" = {
name = "Dev";
role = "AWS-Engineer-Admin";
};
"539590419140" = {
name = "Hans Gruber";
role = "AWS-Engineer-Admin";
};
"048352314288" = {
name = "Log archive";
role = "AWS-Engineer-Admin";
};
"066179854877" = {
name = "Production";
role = "AWS-Engineer-Admin";
};
"388353868666" = {
name = "SaaS Seller Account";
role = "AWS-Engineer-Admin";
};
"057168112839" = {
name = "Sandbox";
role = "AWS-Engineer-Admin";
};
"704459292453" = {
name = "Shared Services";
role = "AWS-Engineer-Admin";
};
"108911762463" = {
name = "Staging";
role = "AWS-Engineer-Admin";
};
"252894127310" = {
name = "TalonX";
role = "AWS-Engineer-Admin";
};
"932480454180" = {
name = "Test Customer";
role = "AWS-Engineer-Admin";
};
};
};
in
{
home.file."${homedir}/.aws/config" = {
text = ''
[default]
region = us-east-1
[sso-session veracode-us]
sso_start_url = https://d-906716ce52.awsapps.com/start/
sso_region = us-east-1
sso_registration_scopes = sso:account:access
[sso-session veracode-eu]
sso_start_url = https://d-996723c1d4.awsapps.com/start
sso_region = eu-central-1
sso_registration_scopes = sso:account:access
[sso-session veracode-old-world]
sso_start_url = https://d-90679ac9ea.awsapps.com/start
sso_region = us-east-1
sso_registration_scopes = sso:account:access
[sso-session veracode-longbow]
sso_start_url = https://d-90677f445e.awsapps.com/start
sso_region = us-east-1
sso_registration_scopes = sso:account:access
[sso-session veracode-gov-stag]
sso_start_url = https://???.awsapps.com/start
sso_region = us-east-1
sso_registration_scopes = sso:account:access
[profile veracode-gov-staging-gov]
sso_account_id = 403885414333
sso_session = veracode-gov-stag
sso_role_name = Corp-Engineer
region = us-east-1
output = json
${builtins.concatStringsSep "\n" (
lib.mapAttrsToList (id: account: ''
[profile ${builtins.replaceStrings [ " " ] [ "" ] account.name}]
sso_account_id = ${id}
sso_role_name = ${account.role}
sso_session = veracode-us
region = us-east-1
output = json
[profile us-${builtins.replaceStrings [ " " ] [ "" ] account.name}]
sso_account_id = ${id}
sso_role_name = ${account.role}
sso_session = veracode-us
region = us-east-1
output = json
'') accounts.us
)}
${builtins.concatStringsSep "\n" (
lib.mapAttrsToList (id: account: ''
${
if lib.any (usAccount: usAccount.name == account.name) (lib.attrValues accounts.us) then
""
else
''
[profile ${builtins.replaceStrings [ " " ] [ "" ] account.name}]
sso_account_id = ${id}
sso_role_name = ${account.role}
sso_session = veracode-eu
region = eu-central-1
output = json
''
}
[profile eu-${builtins.replaceStrings [ " " ] [ "" ] account.name}]
sso_account_id = ${id}
sso_role_name = ${account.role}
sso_session = veracode-eu
region = eu-central-1
output = json
'') accounts.eu
)}
${builtins.concatStringsSep "\n" (
lib.mapAttrsToList (id: account: ''
${
if
lib.any (otherAccount: otherAccount.name == account.name) (
lib.attrValues (accounts.us // accounts.eu)
)
then
""
else
''
[profile ${builtins.replaceStrings [ " " ] [ "" ] account.name}]
sso_account_id = ${id}
sso_role_name = ${account.role}
sso_session = veracode-old-world
region = eu-central-1
output = json
''
}
[profile old-world-${builtins.replaceStrings [ " " ] [ "" ] account.name}]
sso_account_id = ${id}
sso_role_name = ${account.role}
sso_session = veracode-old-world
region = eu-central-1
output = json
'') accounts.old-world
)}
${builtins.concatStringsSep "\n" (
lib.mapAttrsToList (id: account: ''
${
if
lib.any (otherAccount: otherAccount.name == account.name) (
lib.attrValues (accounts.us // accounts.eu // accounts.old-world)
)
then
""
else
''
[profile ${builtins.replaceStrings [ " " ] [ "" ] account.name}]
sso_account_id = ${id}
sso_role_name = ${account.role}
sso_session = veracode-longbow
region = eu-central-1
output = json
''
}
[profile longbow-${builtins.replaceStrings [ " " ] [ "" ] account.name}]
sso_account_id = ${id}
sso_role_name = ${account.role}
sso_session = veracode-longbow
region = eu-central-1
output = json
'') accounts.longbow
)}
'';
};
home.file."${homedir}/.okta_aws_login_config" = {
source = config.lib.file.mkOutOfStoreSymlink "${homedir}/.config/nix/home-manager/veracode/.okta_aws_login_config";
};
home.packages = [
pkgs.gimme-aws-creds
];
programs.zsh.shellAliases = {
export-aws-govus-stage = ''${pkgs.writeShellScript "export-aws-govus-stage" ''
gimme-aws-creds --profile govus-stage
echo "export AWS_REGION=us-gov-west-1"
''}'';
veracode-find = ''${pkgs.writeShellScript "veracode-find" ''
for profile in $(aws configure list-profiles | grep -E '^(us|eu|old-world|longbow)-'); do
echo "=== $profile ==="
aws --profile $profile "$@";
done
''}'';
veracode-find-eu = ''${pkgs.writeShellScript "veracode-find-eu" ''
for profile in $(aws configure list-profiles | grep -E '^(eu)-'); do
echo "=== $profile ==="
aws --profile $profile "$@";
done
''}'';
veracode-find-us = ''${pkgs.writeShellScript "veracode-find-us" ''
for profile in $(aws configure list-profiles | grep -E '^(us)-'); do
echo "=== $profile ==="
aws --profile $profile "$@";
done
''}'';
veracode-find-old-world = ''${pkgs.writeShellScript "veracode-find-old-world" ''
for profile in $(aws configure list-profiles | grep -E '^(old-world)-'); do
echo "=== $profile ==="
aws --profile $profile "$@";
done
''}'';
veracode-find-longbow = ''${pkgs.writeShellScript "veracode-find-longbow" ''
for profile in $(aws configure list-profiles | grep -E '^(longbow)-'); do
echo "=== $profile ==="
aws --profile $profile "$@";
done
''}'';
veracode-login = ''${pkgs.writeShellScript "veracode-login" ''
for region in us eu; do
aws sso login --profile $region-shared-services &
done
aws sso login --profile old-world-aws-devops &
aws sso login --profile longbow-SharedServices &
''}'';
};
}
Reference in New Issue View Git Blame Copy Permalink