AWS SSO CLI

Topic

  1. Client machine Pre-Requisite
  2. Configure AWS CLI

Prerequisite in the client machine (MacBook):

Install AWS CLI v2

curl "https://awscli.amazonaws.com/AWSCLIV2.pkg" -o "AWSCLIV2.pkg"
sudo installer -pkg AWSCLIV2.pkg -target /

Successful installation should output like below

Configure AWS CLI:

First delete any previously configured AWS Credentials

cp ~/.aws/credentails ~/.aws/credentails-bakup
rm -rf ~/.aws/credentails

You can add an AWS SSO enabled profile to your AWS CLI by running the following command, providing your AWS SSO start URL and the AWS Region.

AWS CLI displays the AWS accounts available for you to use. If you are authorised to use only one account, the AWS CLI selects that account for you automatically and skips the prompt. The AWS accounts that are available for you to use are determined by your user configuration in AWS SSO.

AWS CLI confirms your account choice, and displays the IAM roles that are available to you in the selected account. If the selected account lists only one role, the AWS CLI selects that role for you automatically and skips the prompt. The roles that are available for you to use are determined by your user configuration in AWS SSO.

Repeat the same for all the roles as per your requirement.

Since the access key and secret key is valid only for 12 hours and you receive below error

If keys expires need to renew the Keys and no need to repeat these steps again. renewal process is very simple.

aws sso login --profile <profile name which configured>

Happy Coding !!!!!

View Comments