Use AWS CLI SSO Login

Last Updated: 2022-09-19


Use the AWS CLI to manage login credentials for SSO-managed accounts. You no longer have to update access keys several times a day.

To get started, log in using SSO and navigate to the AWS SSO Portal. Make note of the SSO portal URL, which looks similar to:

https://d-123abcd4e6.awsapps.com/start

Create an AWS Named Profile for each account you want to configure. Use the --profile flag or export the AWS_PROFILE environment variable:

export AWS_PROFILE=work-dev-profile

Use the configure command to set up SSO access for the Named Profile:

aws configure sso

This creates the Named Profile if it does not already exist. An entry should be added to your ~/.aws/config:

[profile work-dev-profile]
sso_start_url = https://d-123abcd4e6.awsapps.com/start
sso_region = us-east-1
sso_account_id = 123456789012
sso_role_name = Work-Dev-SSO
region = us-east-1

Log in, using:

aws sso login

Validate that your connection details have been configured properly by running:

aws sts get-caller-identity

Repeat for other accounts.
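Once several accounts are configured, the validation step can be run across all of them. The script below is an added example, not part of the original page: it reads a config file, finds every profile with an sso_account_id, and confirms that the account STS reports for that profile matches the configured one. The function names are hypothetical; the aws commands and the AWS_CONFIG_FILE variable are the CLI's own.

```bash
# Added example: verify each SSO profile resolves to its configured account.
# Function names are hypothetical; pass the config path as the first argument.

# Print the value of KEY inside [profile NAME] of CONFIG (empty if absent).
profile_field() {  # usage: profile_field CONFIG NAME KEY
  awk -v section="[profile $2]" -v key="$3" '
    /^\[/ { in_section = ($0 == section); next }
    in_section && index($0, "=") {
      split($0, kv, "=")
      k = kv[1]; gsub(/^[ \t]+|[ \t]+$/, "", k)
      if (k == key) {
        v = substr($0, index($0, "=") + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", v)
        print v; exit
      }
    }' "$1"
}

# List the names of profiles in CONFIG that carry an sso_account_id.
sso_profiles() {  # usage: sso_profiles CONFIG
  awk '
    /^\[profile / { name = substr($0, 10, length($0) - 10); next }
    /^\[/ { name = ""; next }
    name != "" && /^[ \t]*sso_account_id[ \t]*=/ { print name }' "$1"
}

# Return 0 on match, 1 if there is no valid session, 2 if the config entry is
# malformed, 3 if STS reports a different account than the profile names.
check_profile() {  # usage: check_profile CONFIG NAME
  local want got
  want=$(profile_field "$1" "$2" sso_account_id)
  case "$want" in
    ''|*[!0-9]*) echo "$2: sso_account_id missing or not numeric"; return 2 ;;
  esac
  got=$(AWS_CONFIG_FILE="$1" aws sts get-caller-identity --profile "$2" \
        --query Account --output text 2>/dev/null) \
    || { echo "$2: no valid session, run: aws sso login --profile $2"; return 1; }
  [ "$got" = "$want" ] || { echo "$2: expected $want, STS reports $got"; return 3; }
  echo "$2: OK ($got)"
}

# Check every SSO profile; non-zero exit status if any of them fails.
check_all() {  # usage: check_all CONFIG
  local rc=0 p
  for p in $(sso_profiles "$1"); do check_profile "$1" "$p" || rc=1; done
  return "$rc"
}

if [ "$#" -gt 0 ]; then check_all "$1"; fi
```

Run it with the path to your config (normally ~/.aws/config); a non-zero exit means at least one profile needs a fresh login or resolves to a different account than the one configured.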