AWS SSO CLI

Topic

  1. Client machine Pre-Requisite
  2. Configure AWS CLI

Prerequisites on the client machine (MacBook):

  1. Install/Update AWS CLI version 2
  2. Install session-manager-plugin
  3. Install EC2 Instance Connect CLI

Install AWS CLI v2

curl "https://awscli.amazonaws.com/AWSCLIV2.pkg" -o "AWSCLIV2.pkg"
sudo installer -pkg AWSCLIV2.pkg -target /

A successful installation should produce output like the one below.

Install session-manager-plugin

curl "https://s3.amazonaws.com/session-manager-downloads/plugin/latest/mac/session-manager-plugin.pkg" -o "session-manager-plugin.pkg"
sudo installer -pkg session-manager-plugin.pkg -target /
sudo ln -s /usr/local/sessionmanagerplugin/bin/session-manager-plugin /usr/local/bin/session-manager-plugin

A successful installation should produce output like the one below.

Install ec2 instance connect cli

pip3 install ec2instanceconnectcli

Configure AWS CLI:

First, back up and then delete any previously configured AWS credentials:

cp ~/.aws/credentials ~/.aws/credentials-backup
rm -f ~/.aws/credentials

You can add an AWS SSO enabled profile to your AWS CLI by running the following command, providing your AWS SSO start URL and the AWS Region.

AWS CLI displays the AWS accounts available for you to use. If you are authorised to use only one account, the AWS CLI selects that account for you automatically and skips the prompt. The AWS accounts that are available for you to use are determined by your user configuration in AWS SSO.

AWS CLI confirms your account choice, and displays the IAM roles that are available to you in the selected account. If the selected account lists only one role, the AWS CLI selects that role for you automatically and skips the prompt. The roles that are available for you to use are determined by your user configuration in AWS SSO.

Repeat these steps for every role you need.
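
To check the result of the steps above, the following script (an added example, not from the original post) reports credentials* files in an AWS CLI directory that still hold a static secret key, including a backup copy like the one made earlier, and lists the profiles in config that use SSO. The function names and the sample directory contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an AWS CLI directory after moving to SSO.

# credentials* files (backup copies included) that still hold a static secret key.
static_key_files() {
  grep -lsE '^[[:space:]]*aws_secret_access_key[[:space:]]*=' "$1"/credentials* || true
}

# Profiles in <dir>/config that use SSO: sso_start_url (legacy) or sso_session.
sso_profiles() {
  awk '
    /^[ \t]*\[/ {
      name = $0
      gsub(/^[ \t]*\[(profile[ \t]+)?|\][ \t]*$/, "", name)
      in_session = ($0 ~ /^[ \t]*\[sso-session[ \t]/)
      next
    }
    !in_session && /^[ \t]*(sso_start_url|sso_session)[ \t]*=/ && !seen[name]++ { print name }
  ' "$1/config" 2>/dev/null || true
}

# Returns non-zero if static keys remain or no SSO profile is configured.
audit_aws_dir() {
  dir=${1:-$HOME/.aws}; rc=0
  leftovers=$(static_key_files "$dir")
  profiles=$(sso_profiles "$dir")
  [ -z "$leftovers" ] || { printf 'static keys still on disk:\n%s\n' "$leftovers"; rc=1; }
  [ -n "$profiles" ] || { echo "no SSO profile in $dir/config"; rc=1; }
  [ -z "$profiles" ] || printf 'SSO profiles:\n%s\n' "$profiles"
  return $rc
}

# Constructed sample directory (placeholder values, no real keys).
SAMPLE=$(mktemp -d)
trap 'rm -rf "$SAMPLE"' EXIT
cat > "$SAMPLE/credentials-backup" <<'EOF'
[default]
aws_secret_access_key = constructed-placeholder-not-a-real-key
EOF
cat > "$SAMPLE/config" <<'EOF'
[profile dev-admin]
sso_start_url = https://example.awsapps.com/start
[profile prod-ro]
sso_session = corp
[sso-session corp]
sso_start_url = https://example.awsapps.com/start
EOF
audit_aws_dir "$SAMPLE" || echo "audit failed: static keys or missing SSO profile"
```

Against a real setup, call audit_aws_dir with no argument to check ~/.aws.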

The access key and secret key are valid for only 12 hours, after which you receive the error below.

When the keys expire, you only need to renew them; there is no need to repeat the configuration steps. The renewal process is very simple:

aws sso login --profile <profile name which configured>

Happy Coding !!!!!
