SSO Config Generator

A Python CLI tool that turns complex AWS SSO setups into clean CLI profiles and a navigable directory structure for multi-account organizations.

The problem it solves

Too many accounts and roles

In large AWS Organizations, developers often have access to dozens of accounts and roles. Manually managing SSO profiles and switching between them becomes time-consuming and error-prone.

Hard to navigate environments

Even if SSO is configured correctly, there is usually no consistent directory structure that mirrors your OU layout, making it difficult to keep workspaces organized.

Context switching costs

Switching roles by hand, exporting profiles, and remembering the right account/role combination slows developers down and increases the chance of using the wrong environment.

How SSO Config Generator helps

Generates AWS CLI profiles

  • Creates one profile per role you have via AWS SSO
  • Profiles follow the pattern <RoleName>@<AccountName>
  • Updates ~/.aws/config using a managed block
  • Respects existing non-SSO configuration
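
The managed-block update described above, sketched as an added example (not the tool's own code). The BEGIN/END marker strings, the replacement of unsafe characters in account names, the start URL and the sample config and role assignments are all assumptions constructed for illustration. It shows how generated profiles can be rewritten on every run while hand-written sections stay byte-for-byte intact, and why ambiguous markers should abort the write.

```python
import re

# Hypothetical markers: the page does not show the tool's real delimiters.
BEGIN = "# BEGIN example-managed-sso-block"
END = "# END example-managed-sso-block"

# Constructed sample input: a hand-written config and two SSO role assignments.
EXISTING = "[default]\nregion = eu-west-1\n\n[profile legacy-keys]\nregion = us-east-1\n"
ROLES = [("ReadOnlyAccess", "sandbox", "111111111111"),
         ("AdministratorAccess", "prod core", "222222222222")]
START_URL = "https://example.awsapps.com/start"  # placeholder


def render_profiles(roles, start_url=START_URL, sso_region="eu-west-1"):
    """Render one [profile <RoleName>@<AccountName>] section per assignment."""
    sections = []
    for role, account, account_id in sorted(roles):
        if not re.fullmatch(r"\d{12}", account_id):
            raise ValueError(f"bad account id for {account!r}: {account_id!r}")
        # Assumption: characters that would break the section header become "-".
        name = f"{role}@{re.sub(r'[^A-Za-z0-9_.-]', '-', account)}"
        sections.append(f"[profile {name}]\n"
                        f"sso_start_url = {start_url}\n"
                        f"sso_region = {sso_region}\n"
                        f"sso_account_id = {account_id}\n"
                        f"sso_role_name = {role}\n")
    return "\n".join(sections)


def update_managed_block(config_text, body):
    """Replace the managed block, or append one; text outside it is untouched."""
    block = f"{BEGIN}\n{body}{END}\n"
    n_begin, n_end = config_text.count(BEGIN), config_text.count(END)
    if n_begin == 0 and n_end == 0:
        # First run: append after the user's own sections, separated by a blank line.
        sep = "" if not config_text else "\n" if config_text.endswith("\n") else "\n\n"
        return config_text + sep + block
    start, stop = config_text.find(BEGIN), config_text.find(END)
    if n_begin != 1 or n_end != 1 or start > stop:
        # Ambiguous markers: refuse rather than guess which lines are generated.
        raise ValueError("managed block markers missing, duplicated or out of order")
    stop += len(END)
    if config_text[stop:stop + 1] == "\n":
        stop += 1
    return config_text[:start] + block + config_text[stop:]


if __name__ == "__main__":
    print(update_managed_block(EXISTING, render_profiles(ROLES)))
```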

Creates directory structures

  • Mirrors your AWS OU hierarchy (optional)
  • Creates one directory per account under a unified root
  • Adds .envrc files for each account to set AWS_PROFILE
  • Optional repos.md scaffolding per account

✓ Single command to refresh SSO profiles
✓ Automatic OU caching and fast reruns
✓ Cloud9/cloudX aware for smooth integration

Quick start

1. Prerequisites

Make sure you have:

  • Python 3.8 or higher
  • AWS CLI v2
  • AWS SSO configured with an sso-browser profile
  • Optional: direnv for automatic profile switching

2. Install & configure

pip install sso-config-generator

# or use uvx without installing
uvx sso-config-generator

# ensure AWS SSO is configured and logged in
aws configure sso
aws sso login --profile sso-browser

3. Generate profiles & directories

# Basic usage (profiles + directories)
uvx sso-config-generator

# Flat directory layout
uvx sso-config-generator --no-use-ou-structure

# Custom root and role name
uvx sso-config-generator \
  --unified-root ~/aws-environments \
  --developer-role-name ReadOnlyAccess

# Validate existing configuration only
uvx sso-config-generator --validate