🐣 Add module, get into proper version control

Author: mtboren

ReadMe.md

@@ -0,0 +1,103 @@
+# AWS SSO Programmatic Credentials, Programmatically
+When credentials are available via the AWS SSO Identity Center ("IDC"), we can [reasonably] easily get AWS credentials for use with the AWS tools that we know and love (SDKs, CLIs, PowerShell modules, etc.).
+
+Herein is a PowerShell module that simplifies getting accounts, roles, and credentials for some identity (the user).
+
+## What
+Simplify the creation of AWS credentials to SSO accounts/roles that an identity is entitled via AWS SSO Identity Center.
+
+## Quick Start
+To import this module
+1. Save or install the module from the PowerShell Gallery:
+    ```powershell
+    ## save it locally for initial inspection -- safety first!
+    Find-Module vN.AWSSSO | Save-Module -Path C:\Temp
+    ## ..then inspect code to confirm trustworthiness
+
+    ## orrr, install straight away, as vNugglets is a reputable publisher
+    Find-Module vN.AWSSSO | Install-Module
+    ```
+1. Profit (see examples in [How](#how) section below)
+
+### And, handy default value for Parameter
+To simplify even further the getting of temporary credentials from AWS for accounts/roles, we can make a default value for the `-StartUrl` parameter of `New-VNAWSSSOOIDCTokenViaDeviceCode`:
+```powershell
+$PSDefaultParameterValues['New-VNAWSSSOOIDCTokenViaDeviceCode:StartUrl'] = "https://mycoolstart.awsapps.com/start/"
+```
+This then passes the given URL as the value for `-StartUrl` to this cmdlet each time we invoke the cmdlet. And, of course, we could put that default parameter value definition in somewhere like our PowerShell profile so that this default is always in place.
+
+## Why
+It is currently a bit more involved than "auth, then get creds for account/role". So, to make most simple the flow of getting such credentials in a natural way (minimal/zero configuration, and with rich objects and normal filtering we all know and love), let's abstract away the intricacies and make things "just work". 👍
+
+## Gist
+Super simple pseudo code depiction:
+```
+new oidc token | get accounts | get roles | get rolecred | do something with rolecred
+```
+
+A bit more explicit-, but still pseudo, flow:
+```PowerShell
+## some pseudo code to describe the flow
+## get the SSO OIDC access token that will allow us to do subsequent things (get account info, get account role info, get role cred)
+new ssooidc token
+## get the accounts to which the OIDC token provides access
+get sso account list | Foreach-Object
+    ## get the SSO-related roles to which we are entitled in the given AWS account
+    get sso account role list |
+        ## filter on <whatveer we like> to get just the account/role info for which to get temp creds
+        Where-Object rolename matches something | Foreach-Object
+            ## get the temp creds for the given account and role combos
+            Get-SSORoleCredential
+## do something with those creds; for example, save them in the AWS creds location like .NET SDK or CLI "shared-creds" ini file)
+| save the AWS credential
+
+## then, profit!
+```
+## How
+A mostly realistic example of getting some credentials.
+
+1. Authenticate in your web browser as the account you want to use for AWS SSO interaction. For example, if Microsoft is the federated identity provider, go to the account management page there (https://myaccount.microsoft.com) and ensure that the desired account is "signed in" in the given web browser
+1. Using cmdlets from this module, get and filter some role/account info, generate new temp credentials, and save them:
+    ```PowerShell
+    ## make a new SSO OIDC token
+    New-VNAWSSSOOIDCTokenViaDeviceCode -StartUrl https://mycoolstart.awsapps.com/start/ -Verbose
+    ## get account/role info, filter, get cred for role, get AWS temp cred
+    Get-VNAWSSSOAccountAndRoleInfo |
+        Where-Object accountname -like my-cool-account-* |
+        Where-Object RoleName -match _myadminrole_ |
+        New-VNAWSSSORoleTempCredential -Verbose |
+        ## save to the AWS creds file the temp creds for each account/role
+        Set-AWSCredential -ProfileLocation (Resolve-Path ~\.aws\credentials)
+    ```
+
+And, to see that example as a likely candidate to paste straight into a PowerShell session (one-line format):
+```PowerShell
+## make a new SSO OIDC token, get account/role info, filter, get cred for role, get AWS temp cred, save to the AWS creds file the temp creds for each account/role
+New-VNAWSSSOOIDCTokenViaDeviceCode -StartUrl https://mycoolstart.awsapps.com/start/; Get-VNAWSSSOAccountAndRoleInfo | Where-Object accountname -like my-cool-account-* | Where-Object RoleName -match _myadminrole_ | New-VNAWSSSORoleTempCredential -Verbose | Set-AWSCredential -ProfileLocation (Resolve-Path ~\.aws\credentials)
+```
+
+## More Coolness 😎
+One of the wonderful things that this approach enables is the programmatic retrieval of accounts and roles to which an identity/user is entitled.
+
+It is in the "get temp creds" example above, but to focus on the, "get all the roles/accounts I _could_ use" use case:
+```PowerShell
+## get _all_ account/role info for this user identity
+Get-VNAWSSSOAccountAndRoleInfo
+## *poof*!
+
+## get account/role info, filter like all the other PowerShell filtering we already know and love ❣!
+Get-VNAWSSSOAccountAndRoleInfo |
+    Where-Object accountname -like my-cool-account-* |
+    Where-Object RoleName -match _myadminrole_
+```
+
+## Other
+The native AWS cmdlets can make all of this happen. This module is to simplify such things, so we can:
+- easily get the accounts and roles to which our identity is entitled
+    - this enables the natural PowerShell behavior we know and love of, "get some stuff, maybe filter some stuff, then do something with the stuff"
+    - so, for example, we can now programmatically get all of the accounts/roles to which we are entitled _as objects_, and then do the rest of the "cool" (valuable) stuff for the use case -- audit access, filter which roles to generate creds for, etc
+- easily generate role credentials
+    - this also enables some natural PowerShell behavior:  get some creds and do something with them; namely, save in the \<wherever the use case dictates> location
+    - ...say, by piping the object to something that will store the credential, like `Set-AWSCredential`, and with the flexibility to specify the traditional filesystem shared-credentials file, or in a secure place (.NET SDK store), or wherever
+
+This module provides similar outcomes to the module https://github.com/e0c615c8e4d846ef817cd5063a88716c/AWSSSOHelper, but also focuses on enabling those aforementioned "natural" PowerShell capabilities / experiences / use-cases.

Update-ThisModuleManifest.ps1

@@ -0,0 +1,56 @@
+<#	.Description
+	Some code to help automate the updating of the ModuleManifest file (will create it if it does not yet exist, too)
+#>
+[CmdletBinding(SupportsShouldProcess=$true)]
+param(
+	## Module Version to set
+	[parameter(Mandatory=$true)][System.Version]$ModuleVersion,
+
+	## Recreate the manifest (overwrite with full, fresh copy instead of update?)
+	[Switch]$Recreate
+)
+begin {
+	$strModuleName = "vN.AWSSSO"
+	$strFilespecForPsd1 = Join-Path ($strModuleFolderFilespec = "$PSScriptRoot\$strModuleName") "${strModuleName}.psd1"
+
+	$hshManifestParams = @{
+		# Confirm = $true
+		Path = $strFilespecForPsd1
+		ModuleVersion = $ModuleVersion
+        Author = "Matt Boren, vNugglets"
+		Copyright = "MIT License"
+		Description = "Module with functions for simplifying and making more natural the getting of AWS accounts, roles, and credentials via AWS SSO Identity Center ('IDC') related 'native' cmdlets from AWS-provided PowerShell modules"
+		## some aliases
+		# AliasesToExport = Write-Output "blah"
+		FileList = Write-Output "${strModuleName}.psd1" "${strModuleName}_functions.psm1" "en-US\about_${strModuleName}.help.txt"
+		FunctionsToExport = Write-Output Get-VNAWSSSOAccountAndRoleInfo New-VNAWSSSOOIDCTokenViaDeviceCode New-VNAWSSSORoleTempCredential
+		# IconUri = "https://github.com/vNugglets/something"
+		# LicenseUri = "https://github.com/vNugglets/something"
+		## scripts (.ps1) that are listed in the NestedModules key are run in the module's session state, not in the caller's session state. To run a script in the caller's session state, list the script file name in the value of the ScriptsToProcess key in the manifest; RegisterArgCompleter apparently needs to be added _after_ function definition .ps1 files are run (via NestedModules) (else, given functions are not defined, and if RegisterArgCompleter is referring to commands from module dynamically, it would not get them; that is the case if the function definitions are in a .psm1 file instead of .ps1 file, and are being defined in NestedModules)
+		# NestedModules = Write-Output "${strModuleName}_functions.psm1"
+		# PassThru = $true
+		PowerShellVersion = [System.Version]"7.0"
+		ProjectUri = "https://github.com/vNugglets/something"
+		ReleaseNotes = "See release notes / ReadMe at the project URI"
+		RootModule = "${strModuleName}_functions.psm1"
+		# RequiredModules = "Some.Other.Module"
+		Tags = Write-Output AWS SSO IdentityCenter IDC SSOIDC SingleSignOn Natural FaF
+		# Verbose = $true
+	} ## end hashtable
+} ## end begin
+
+process {
+	$bManifestFileAlreadyExists = Test-Path $strFilespecForPsd1
+	## check that the FileList property holds the names of all of the files in the module directory, relative to the module directory
+	## the relative names of the files in the module directory (just filename for those in module directory, "subdir\filename.txt" for a file in a subdir, etc.)
+	$arrRelativeNameOfFilesInModuleDirectory = Get-ChildItem $strModuleFolderFilespec -Recurse | Where-Object {-not $_.PSIsContainer} | ForEach-Object {$_.FullName.Replace($strModuleFolderFilespec, "", [System.StringComparison]::OrdinalIgnoreCase).TrimStart("\")}
+	if ($arrDiffResults = (Compare-Object -ReferenceObject $hshManifestParams.FileList -DifferenceObject $arrRelativeNameOfFilesInModuleDirectory)) {Write-Error "Uh-oh -- FileList property value for making/updating module manifest and actual files present in module directory do not match. Better check that. The variance:`n$($arrDiffResults | Out-String)"} else {Write-Verbose -Verbose "Hurray, all of the files in the module directory are named in the FileList property to use for the module manifest"}
+	$strMsgForShouldProcess = "{0} module manifest" -f $(if ((-not $bManifestFileAlreadyExists) -or $Recreate) {"Create"} else {"Update"})
+	if ($PsCmdlet.ShouldProcess($strFilespecForPsd1, $strMsgForShouldProcess)) {
+		## do the actual module manifest update
+		if ((-not $bManifestFileAlreadyExists) -or $Recreate) {Microsoft.PowerShell.Core\New-ModuleManifest @hshManifestParams}
+		else {PowerShellGet\Update-ModuleManifest @hshManifestParams}
+		## replace the comment in the resulting module manifest that includes "PSGet_" prefixed to the actual module name with a line without "PSGet_" in it
+		(Get-Content -Path $strFilespecForPsd1 -Raw).Replace("# Module manifest for module 'PSGet_$strModuleName'", "# Module manifest for module '$strModuleName'") | Set-Content -Path $strFilespecForPsd1
+	} ## end if
+} ## end prcoess

vN.AWSSSO/en-US/about_vN.AWSSSO.help.txt

@@ -0,0 +1,30 @@
+TOPIC
+    about_vN.AWSSSO
+
+SHORT DESCRIPTION
+    Module encapsulating functions for simplified AWS SSO IDC interactions
+
+LONG DESCRIPTION
+    A module that provides functions for easily interacting with AWS SSO Identity
+    Center for account- and role information gathering, and temporary credential
+    creation.
+
+    Based on tidbits from Set-AwsCliSsoCredentials.ps1, from AWS at
+    https://docs.aws.amazon.com/prescriptive-guidance/latest/patterns/update-aws-cli-credentials-from-aws-iam-identity-center-by-using-powershell.html
+
+EXAMPLES
+    All of the cmdlets in this module have proper comment-based help.  Discover
+    and learn via the standard PowerShell way:
+
+        Get-Help -Full <cmdlet-name>
+
+KEYWORDS
+    AWS
+    AWS SSO
+    AWS SSO IDC
+    AWS SSO Identity Center
+    vN
+    vNugglets
+    FaF
+
+SEE ALSO

vN.AWSSSO/vN.AWSSSO.psd1

@@ -0,0 +1,136 @@
+#
+# Module manifest for module 'vN.AWSSSO'
+#
+# Generated by: Matt Boren, vNugglets
+#
+# Generated on: 9/18/2025
+#
+
+@{
+
+# Script module or binary module file associated with this manifest.
+RootModule = 'vN.AWSSSO_functions.psm1'
+
+# Version number of this module.
+ModuleVersion = '1.4.0'
+
+# Supported PSEditions
+# CompatiblePSEditions = @()
+
+# ID used to uniquely identify this module
+GUID = '8361b1fa-f543-43be-9101-725fb831dedf'
+
+# Author of this module
+Author = 'Matt Boren, vNugglets'
+
+# Company or vendor of this module
+CompanyName = 'Unknown'
+
+# Copyright statement for this module
+Copyright = 'MIT License'
+
+# Description of the functionality provided by this module
+Description = 'Module with functions for simplifying and making more natural the getting of AWS accounts, roles, and credentials via AWS SSO Identity Center (''IDC'') related ''native'' cmdlets from AWS-provided PowerShell modules'
+
+# Minimum version of the PowerShell engine required by this module
+PowerShellVersion = '7.0'
+
+# Name of the PowerShell host required by this module
+# PowerShellHostName = ''
+
+# Minimum version of the PowerShell host required by this module
+# PowerShellHostVersion = ''
+
+# Minimum version of Microsoft .NET Framework required by this module. This prerequisite is valid for the PowerShell Desktop edition only.
+# DotNetFrameworkVersion = ''
+
+# Minimum version of the common language runtime (CLR) required by this module. This prerequisite is valid for the PowerShell Desktop edition only.
+# ClrVersion = ''
+
+# Processor architecture (None, X86, Amd64) required by this module
+# ProcessorArchitecture = ''
+
+# Modules that must be imported into the global environment prior to importing this module
+# RequiredModules = @()
+
+# Assemblies that must be loaded prior to importing this module
+# RequiredAssemblies = @()
+
+# Script files (.ps1) that are run in the caller's environment prior to importing this module.
+# ScriptsToProcess = @()
+
+# Type files (.ps1xml) to be loaded when importing this module
+# TypesToProcess = @()
+
+# Format files (.ps1xml) to be loaded when importing this module
+# FormatsToProcess = @()
+
+# Modules to import as nested modules of the module specified in RootModule/ModuleToProcess
+# NestedModules = @()
+
+# Functions to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no functions to export.
+FunctionsToExport = 'Get-VNAWSSSOAccountAndRoleInfo', 
+               'New-VNAWSSSOOIDCTokenViaDeviceCode', 
+               'New-VNAWSSSORoleTempCredential'
+
+# Cmdlets to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no cmdlets to export.
+CmdletsToExport = '*'
+
+# Variables to export from this module
+VariablesToExport = '*'
+
+# Aliases to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no aliases to export.
+AliasesToExport = '*'
+
+# DSC resources to export from this module
+# DscResourcesToExport = @()
+
+# List of all modules packaged with this module
+# ModuleList = @()
+
+# List of all files packaged with this module
+FileList = 'vN.AWSSSO.psd1', 'vN.AWSSSO_functions.psm1', 
+               'en-US\about_vN.AWSSSO.help.txt'
+
+# Private data to pass to the module specified in RootModule/ModuleToProcess. This may also contain a PSData hashtable with additional module metadata used by PowerShell.
+PrivateData = @{
+
+    PSData = @{
+
+        # Tags applied to this module. These help with module discovery in online galleries.
+        Tags = 'AWS','SSO','IdentityCenter','IDC','SSOIDC','SingleSignOn','Natural','FaF'
+
+        # A URL to the license for this module.
+        # LicenseUri = ''
+
+        # A URL to the main website for this project.
+        ProjectUri = 'https://github.com/vNugglets/something'
+
+        # A URL to an icon representing this module.
+        # IconUri = ''
+
+        # ReleaseNotes of this module
+        ReleaseNotes = 'See release notes / ReadMe at the project URI'
+
+        # Prerelease string of this module
+        # Prerelease = ''
+
+        # Flag to indicate whether the module requires explicit user acceptance for install/update/save
+        # RequireLicenseAcceptance = $false
+
+        # External dependent modules of this module
+        # ExternalModuleDependencies = @()
+
+    } # End of PSData hashtable
+
+ } # End of PrivateData hashtable
+
+# HelpInfo URI of this module
+# HelpInfoURI = ''
+
+# Default prefix for commands exported from this module. Override the default prefix using Import-Module -Prefix.
+# DefaultCommandPrefix = ''
+
+}
+
+