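# Home-manager module: AWS CLI / SSO configuration for the Veracode account estate.
#
# It does four things:
#   1. renders ~/.aws/config with one or two profiles per account in `accounts`,
#   2. symlinks ~/.okta_aws_login_config to a file kept outside the Nix store,
#   3. installs gimme-aws-creds,
#   4. defines zsh aliases that log in to, or fan a command out over, the profiles.
#
# Arguments: `config`, `lib` and `pkgs` are the usual module arguments. `homedir`
# is not a standard one and must be supplied by the caller (presumably through
# extraSpecialArgs -- confirm against the flake/entry point).
#
# Security notes for maintainers:
#   * `home.file.<path>.text` is written through the Nix store, so this file must
#     never carry credentials. What it holds today (account IDs, role names, SSO
#     portal URLs) are identifiers rather than secrets, but together they are an
#     inventory of the organisation's cloud estate; treat the file as internal.
#   * Every generated profile uses a role whose name suggests administrative
#     rights (EngineerAdmin*, AWS-Engineer-Admin). The veracode-find* aliases run
#     one command against every matching profile, so a mutating command is applied
#     in each account it reaches. A read-only permission set would be the safer
#     default for those fan-out helpers if one is available.
{ config, homedir, lib, pkgs, ... }:
let
  # Account inventory, grouped by SSO session. Key: 12-digit AWS account ID
  # (kept as a string so leading zeros survive). Value: the display name used to
  # derive profile names, and the SSO role assumed in that account.
  accounts = {
    eu = {
      "905326657474" = { name = "log-archive"; role = "EngineerAdmin-Veracode-EU-All"; };
      "864021117189" = { name = "security"; role = "EngineerAdmin-Veracode-EU-All"; };
      "296441839393" = { name = "shared-services"; role = "EngineerAdmin-Veracode-EU-All"; };
      "714966795542" = { name = "veracode-eu-devops"; role = "EngineerAdmin-Veracode-EU-All"; };
      "359955634867" = { name = "veracode-eu-master"; role = "EngineerAdmin-Veracode-EU-All"; };
      "675053010029" = { name = "veracode-eu-networking"; role = "EngineerAdmin-Veracode-EU-All"; };
      "377019361040" = { name = "veracode-eu-platform-nonprod"; role = "EngineerAdmin-Veracode-EU-All"; };
      "962291324749" = { name = "veracode-eu-platform-prod"; role = "EngineerAdmin-Veracode-EU-All"; };
      "090139405064" = { name = "veracode-status-eu"; role = "EngineerAdmin-Veracode-EU-All"; };
    };
    us = {
      "339712784947" = { name = "aws-corp-it-prod"; role = "EngineerAdmin"; };
      "077230771307" = { name = "aws-syseng"; role = "EngineerAdmin"; };
      "854207236867" = { name = "devops"; role = "EngineerAdmin"; };
      "419928441445" = { name = "hunter2"; role = "EngineerAdmin"; };
      "201152413784" = { name = "hunter2-nonprod"; role = "EngineerAdmin"; };
      "234742391591" = { name = "logging"; role = "EngineerAdmin"; };
      "373670440571" = { name = "mars-archive"; role = "EngineerAdmin"; };
      "389203956472" = { name = "mvsa-dev"; role = "EngineerAdmin"; };
      "120705294404" = { name = "networking"; role = "EngineerAdmin"; };
      "540592891828" = { name = "repo-tools-nonprod"; role = "EngineerAdmin"; };
      "199128305162" = { name = "security"; role = "EngineerAdmin"; };
      "205744758777" = { name = "shared-services"; role = "EngineerAdmin"; };
      "502262283075" = { name = "staticengine-ci"; role = "EngineerAdmin"; };
      "593005598611" = { name = "Veracode Marketplace Sales Account"; role = "EngineerAdmin"; };
      "544286724460" = { name = "veracode-api-security-dev"; role = "EngineerAdmin"; };
      "426703640137" = { name = "veracode-cmk-production"; role = "EngineerAdmin"; };
      "227890167531" = { name = "veracode-cmk-staging"; role = "EngineerAdmin"; };
      "833309876439" = { name = "veracode-datalake-nonprod"; role = "EngineerAdmin"; };
      "231215122795" = { name = "veracode-datalake-prod"; role = "EngineerAdmin"; };
      "556105087578" = { name = "veracode-devops-sandbox"; role = "EngineerAdmin"; };
      "419934374614" = { name = "veracode-dynamic-nonprod"; role = "EngineerAdmin"; };
      "743424160468" = { name = "veracode-dynamic-prod"; role = "EngineerAdmin"; };
      "026090546337" = { name = "veracode-extcmk-c01"; role = "EngineerAdmin"; };
      "026090544016" = { name = "veracode-extcmk-dev"; role = "EngineerAdmin"; };
      "527791905507" = { name = "veracode-gov-production"; role = "EngineerAdmin"; };
      "241823169104" = { name = "veracode-gov-security"; role = "EngineerAdmin"; };
      "337544356528" = { name = "veracode-gov-staging"; role = "EngineerAdmin"; };
      "125763904786" = { name = "veracode-l2-support"; role = "EngineerAdmin"; };
      "361598275817" = { name = "veracode-laputa-sandbox"; role = "EngineerAdmin"; };
      "165970187232" = { name = "veracode-lz-data-dr"; role = "EngineerAdmin"; };
      "135394645105" = { name = "veracode-lz-data-nonprod"; role = "EngineerAdmin"; };
      "041513053014" = { name = "veracode-lz-data-prod"; role = "EngineerAdmin"; };
      "341176679750" = { name = "veracode-lz-futureville"; role = "EngineerAdmin"; };
      "011479462201" = { name = "veracode-lz-master"; role = "EngineerAdmin"; };
      "900979254221" = { name = "veracode-lz-static-non-prod"; role = "EngineerAdmin"; };
      "867871251596" = { name = "veracode-lz-static-prod"; role = "EngineerAdmin"; };
      "621415697837" = { name = "veracode-pac-lz-nonproduction"; role = "EngineerAdmin"; };
      "677563424528" = { name = "veracode-pac-lz-production"; role = "EngineerAdmin"; };
      "055143528572" = { name = "veracode-platform-nonprod"; role = "EngineerAdmin"; };
      "432322876094" = { name = "veracode-platform-prod"; role = "EngineerAdmin"; };
      "772788280252" = { name = "veracode-sca-nonprod"; role = "EngineerAdmin"; };
      "978530908597" = { name = "veracode-sca-prod"; role = "EngineerAdmin"; };
      "129575015961" = { name = "veracode-sky-github"; role = "EngineerAdmin"; };
      "157122231047" = { name = "veracode-status"; role = "EngineerAdmin"; };
    };
    old-world = {
      "747166839737" = { name = "Alternator Prod"; role = "EngineerAdmin"; };
      "849762296401" = { name = "aws-cloudloop"; role = "EngineerAdmin"; };
      "555828001259" = { name = "aws-devops"; role = "EngineerAdmin"; };
      "095180515219" = { name = "aws-disco-dev"; role = "EngineerAdmin"; };
      "602400992919" = { name = "aws-disco-prod"; role = "EngineerAdmin"; };
      "671440995558" = { name = "aws-mpt"; role = "EngineerAdmin"; };
      "390809507444" = { name = "aws-research"; role = "EngineerAdmin"; };
      "547681985753" = { name = "aws-static-dev"; role = "EngineerAdmin"; };
      "576836758243" = { name = "aws-static-prod"; role = "EngineerAdmin"; };
      "272739225222" = { name = "Greenlight Dev"; role = "EngineerAdmin"; };
      "187309115203" = { name = "Greenlight Prod"; role = "EngineerAdmin"; };
      "312566581319" = { name = "mvsa-prod"; role = "EngineerAdmin"; };
      "528304698271" = { name = "ops1"; role = "EngineerAdmin"; };
      "178484873978" = { name = "ops2"; role = "EngineerAdmin"; };
      "036935693235" = { name = "platform-integrations-dev"; role = "EngineerAdmin"; };
      "101042440253" = { name = "platform-integrations-prod"; role = "EngineerAdmin"; };
      "769404944768" = { name = "Veracode GovCloud Parent Staging"; role = "EngineerAdmin"; };
      "932961976631" = { name = "Veracode Laputa"; role = "EngineerAdmin"; };
      "706178003760" = { name = "Veracode Master"; role = "EngineerAdmin"; };
      "227458413628" = { name = "veracode-asc-ilt"; role = "EngineerAdmin"; };
      "637659597440" = { name = "veracode-dataservices-dev"; role = "EngineerAdmin"; };
      "360252896736" = { name = "veracode-dataservices-production"; role = "EngineerAdmin"; };
      "634743813634" = { name = "veracode-elearning-nonprod"; role = "EngineerAdmin"; };
      "231131777030" = { name = "veracode-gov-parent-nonproduction"; role = "EngineerAdmin"; };
      "391700338873" = { name = "veracode-gov-parent-production"; role = "EngineerAdmin"; };
      "083679226615" = { name = "veracode-hackathon"; role = "EngineerAdmin"; };
      "228885042232" = { name = "veracode-info-sec"; role = "EngineerAdmin"; };
      "653330403905" = { name = "veracode-mpt-mffc"; role = "EngineerAdmin"; };
      "566201213358" = { name = "veracode-nonproduction"; role = "EngineerAdmin"; };
      "518031149952" = { name = "veracode-production"; role = "EngineerAdmin"; };
      "966752150300" = { name = "veracode-qaoncloud-nonproduction"; role = "EngineerAdmin"; };
      "221433242586" = { name = "veracode-solutions-architect"; role = "EngineerAdmin"; };
      "576647558819" = { name = "VeraRadio"; role = "EngineerAdmin"; };
    };
    longbow = {
      "520315734741" = { name = "Audit"; role = "AWS-Engineer-Admin"; };
      "853528449373" = { name = "demo"; role = "AWS-Engineer-Admin"; };
      "058887878640" = { name = "Dev"; role = "AWS-Engineer-Admin"; };
      "539590419140" = { name = "Hans Gruber"; role = "AWS-Engineer-Admin"; };
      "048352314288" = { name = "Log archive"; role = "AWS-Engineer-Admin"; };
      "066179854877" = { name = "Production"; role = "AWS-Engineer-Admin"; };
      "388353868666" = { name = "SaaS Seller Account"; role = "AWS-Engineer-Admin"; };
      "057168112839" = { name = "Sandbox"; role = "AWS-Engineer-Admin"; };
      "704459292453" = { name = "Shared Services"; role = "AWS-Engineer-Admin"; };
      "108911762463" = { name = "Staging"; role = "AWS-Engineer-Admin"; };
      "252894127310" = { name = "TalonX"; role = "AWS-Engineer-Admin"; };
      "932480454180" = { name = "Test Customer"; role = "AWS-Engineer-Admin"; };
    };
  };

  # Profile names are the account display name with spaces removed
  # ("Shared Services" -> "SharedServices"), so they never contain whitespace.
  profileName = name: builtins.replaceStrings [ " " ] [ "" ] name;

  # Build the script behind a veracode-find* alias: run `aws <args...>` once per
  # configured profile whose name starts with one of the given prefixes.
  #   name     - derivation/script name
  #   prefixes - regex alternation of profile prefixes, e.g. "us|eu"
  # "$profile" is quoted so that a hand-added profile with unusual characters is
  # still passed to the CLI as a single argument. The `for ... in $(...)` loop is
  # kept on purpose: a `while read` loop would hand the profile list to the inner
  # `aws` call as its stdin.
  mkFind = name: prefixes: pkgs.writeShellScript name ''
    for profile in $(aws configure list-profiles | grep -E '^(${prefixes})-'); do
      echo "=== $profile ==="
      aws --profile "$profile" "$@"
    done
  '';
in
{
  # Rendered AWS CLI config. Static part: default region, one [sso-session] per
  # identity-center instance, and one hand-written gov staging profile.
  # NOTE(review): the veracode-gov-stag session still has a placeholder start URL
  # ("???"), so the veracode-gov-staging-gov profile cannot log in until the real
  # portal URL is filled in.
  # Generated part: for every account a "<group>-<name>" profile, plus an
  # unprefixed "<name>" profile unless an earlier group (us, then eu, then
  # old-world) already has an account with the same display name.
  home.file."${homedir}/.aws/config" = {
    text = ''
      [default]
      region = us-east-1

      [sso-session veracode-us]
      sso_start_url = https://d-906716ce52.awsapps.com/start/
      sso_region = us-east-1
      sso_registration_scopes = sso:account:access

      [sso-session veracode-eu]
      sso_start_url = https://d-996723c1d4.awsapps.com/start
      sso_region = eu-central-1
      sso_registration_scopes = sso:account:access

      [sso-session veracode-old-world]
      sso_start_url = https://d-90679ac9ea.awsapps.com/start
      sso_region = us-east-1
      sso_registration_scopes = sso:account:access

      [sso-session veracode-longbow]
      sso_start_url = https://d-90677f445e.awsapps.com/start
      sso_region = us-east-1
      sso_registration_scopes = sso:account:access

      [sso-session veracode-gov-stag]
      sso_start_url = https://???.awsapps.com/start
      sso_region = us-east-1
      sso_registration_scopes = sso:account:access

      [profile veracode-gov-staging-gov]
      sso_account_id = 403885414333
      sso_session = veracode-gov-stag
      sso_role_name = Corp-Engineer
      region = us-east-1
      output = json

      ${builtins.concatStringsSep "\n" (
        # US accounts always get both the bare and the "us-" prefixed profile.
        lib.mapAttrsToList (id: account: ''
          [profile ${profileName account.name}]
          sso_account_id = ${id}
          sso_role_name = ${account.role}
          sso_session = veracode-us
          region = us-east-1
          output = json

          [profile us-${profileName account.name}]
          sso_account_id = ${id}
          sso_role_name = ${account.role}
          sso_session = veracode-us
          region = us-east-1
          output = json
        '') accounts.us
      )}
      ${builtins.concatStringsSep "\n" (
        # EU accounts: the bare profile is skipped when a US account has the same name.
        lib.mapAttrsToList (id: account: ''
          ${
            if lib.any (usAccount: usAccount.name == account.name) (lib.attrValues accounts.us) then
              ""
            else
              ''
                [profile ${profileName account.name}]
                sso_account_id = ${id}
                sso_role_name = ${account.role}
                sso_session = veracode-eu
                region = eu-central-1
                output = json
              ''
          }
          [profile eu-${profileName account.name}]
          sso_account_id = ${id}
          sso_role_name = ${account.role}
          sso_session = veracode-eu
          region = eu-central-1
          output = json
        '') accounts.eu
      )}
      ${builtins.concatStringsSep "\n" (
        # Old-world accounts: bare profile only if no US/EU account shares the name.
        # NOTE(review): region is eu-central-1 although this session's sso_region
        # is us-east-1 -- confirm it is intended and not carried over from the EU block.
        lib.mapAttrsToList (id: account: ''
          ${
            if
              lib.any (otherAccount: otherAccount.name == account.name) (
                lib.attrValues (accounts.us // accounts.eu)
              )
            then
              ""
            else
              ''
                [profile ${profileName account.name}]
                sso_account_id = ${id}
                sso_role_name = ${account.role}
                sso_session = veracode-old-world
                region = eu-central-1
                output = json
              ''
          }
          [profile old-world-${profileName account.name}]
          sso_account_id = ${id}
          sso_role_name = ${account.role}
          sso_session = veracode-old-world
          region = eu-central-1
          output = json
        '') accounts.old-world
      )}
      ${builtins.concatStringsSep "\n" (
        # Longbow accounts: bare profile only if no US/EU/old-world account shares the name.
        # NOTE(review): same eu-central-1 vs. us-east-1 question as for old-world.
        lib.mapAttrsToList (id: account: ''
          ${
            if
              lib.any (otherAccount: otherAccount.name == account.name) (
                lib.attrValues (accounts.us // accounts.eu // accounts.old-world)
              )
            then
              ""
            else
              ''
                [profile ${profileName account.name}]
                sso_account_id = ${id}
                sso_role_name = ${account.role}
                sso_session = veracode-longbow
                region = eu-central-1
                output = json
              ''
          }
          [profile longbow-${profileName account.name}]
          sso_account_id = ${id}
          sso_role_name = ${account.role}
          sso_session = veracode-longbow
          region = eu-central-1
          output = json
        '') accounts.longbow
      )}
    '';
  };

  # The Okta login config is linked to a file outside the Nix store rather than
  # embedded here, so its contents are not copied into the store.
  home.file."${homedir}/.okta_aws_login_config" = {
    source = config.lib.file.mkOutOfStoreSymlink "${homedir}/.config/nix/home-manager/veracode/.okta_aws_login_config";
  };

  home.packages = [ pkgs.gimme-aws-creds ];

  # Each alias expands to the store path of a generated shell script.
  programs.zsh.shellAliases = {
    # Fetches credentials for the govus-stage gimme-aws-creds profile, then prints
    # an export line for the GovCloud region (presumably meant to be copied or
    # eval'd by the caller -- the script itself cannot change the parent shell).
    export-aws-govus-stage = "${pkgs.writeShellScript "export-aws-govus-stage" ''
      gimme-aws-creds --profile govus-stage
      echo "export AWS_REGION=us-gov-west-1"
    ''}";

    # Fan-out helpers: run the given aws sub-command in every matching profile.
    veracode-find = "${mkFind "veracode-find" "us|eu|old-world|longbow"}";
    veracode-find-eu = "${mkFind "veracode-find-eu" "eu"}";
    veracode-find-us = "${mkFind "veracode-find-us" "us"}";
    veracode-find-old-world = "${mkFind "veracode-find-old-world" "old-world"}";
    veracode-find-longbow = "${mkFind "veracode-find-longbow" "longbow"}";

    # Starts one `aws sso login` per SSO session in the background, using one
    # profile from each session to select it.
    veracode-login = "${pkgs.writeShellScript "veracode-login" ''
      for region in us eu; do
        aws sso login --profile "$region-shared-services" &
      done
      aws sso login --profile old-world-aws-devops &
      aws sso login --profile longbow-SharedServices &
    ''}";
  };
}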