drewmullen

AWS Creds in the CLI via SSO

Problem

Do you often need credentials in your AWS CLI?

Are you overly familiar with this screen (AWS SSO start page)?


If you do not have AWS SSO set up, check out the AWS documentation, then come back to this post!

A better credential experience

Yesterday I learned from my colleague @danquack about a fun feature built into the AWS CLI. If you already have AWS SSO configured for your Org and are using the GUI to get credentials, follow this post and you can expect an improved AWS CLI credential management experience.

My new, simpler process to get temporary creds from SSO:

Specify which profile I want and login:

$ export AWS_PROFILE=<>
$ aws sso login

Confirm the authorization request in my browser:


Boom! Now my CLI has usable temporary credentials!

Setup

This setup is honestly extremely simple. AWS provides a guided CLI wizard, and I'll show an example below.

$ aws configure sso
SSO session name (Recommended):
WARNING: Configuring using legacy format (e.g. without an SSO session).
Consider re-running "configure sso" command and providing a session name.
SSO start URL [https://example.awsapps.com/start#/]:
SSO region [us-east-1]:
There are 2 AWS accounts available to you.
> DeveloperAccount, developer-account-admin@example.com (123456789011)
  ProductionAccount, production-account-admin@example.com (123456789022)
Using the account ID 123456789011
The only role available to you is: AdministratorAccess
Using the role name "AdministratorAccess"
CLI default client Region [us-east-1]: us-east-2
CLI default output format [None]:
CLI profile name [AdministratorAccess-<>]: providerdev

  • There are 2 questions regarding region. The first is the region SSO is set up in. The second is the default region you want your CLI to use.
  • The profile name I entered, providerdev, is now the name I'll set with export AWS_PROFILE=providerdev.

Once that is complete you can see the configuration:

$ cat ~/.aws/config
[profile providerdev]
sso_start_url = https://example.awsapps.com/start#/
sso_region = us-east-1
sso_account_id = 123456789011
sso_role_name = AdministratorAccess
region = us-east-2
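
The wizard output above warns that a profile written without an SSO session uses the legacy format. As an added example (not code from the original post), this Python function reads AWS CLI config text and reports, for each SSO profile, which format it uses, which required keys are missing, and which role it assumes. The providerprod profile and the example-sso session name are constructed for illustration.

```python
import configparser

# Keys a legacy-format SSO profile carries directly, as in the post's config.
LEGACY_KEYS = ("sso_start_url", "sso_region", "sso_account_id", "sso_role_name")

def audit_sso_profiles(config_text):
    """Return one finding per SSO-enabled profile in AWS CLI config text."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(config_text)
    findings = []
    for section in cp.sections():
        if section != "default" and not section.startswith("profile "):
            continue  # [sso-session ...] and other sections are not profiles
        name = section.split(" ", 1)[-1].strip()
        opts = cp[section]
        if "sso_session" in opts:
            fmt = "sso-session"  # start URL and region live in [sso-session ...]
            session = "sso-session " + opts["sso_session"]
            shared = cp[session] if cp.has_section(session) else {}
            missing = [k for k in LEGACY_KEYS[:2] if k not in shared]
            missing += [k for k in LEGACY_KEYS[2:] if k not in opts]
        elif any(k in opts for k in LEGACY_KEYS):
            fmt = "legacy"  # the format the wizard's WARNING refers to
            missing = [k for k in LEGACY_KEYS if k not in opts]
        else:
            continue  # profile does not use SSO
        findings.append({"profile": name, "format": fmt, "missing": missing,
                         "role": opts.get("sso_role_name")})
    return findings

# Constructed sample: the post's profile plus a hypothetical sso-session profile.
SAMPLE = """\
[profile providerdev]
sso_start_url = https://example.awsapps.com/start#/
sso_region = us-east-1
sso_account_id = 123456789011
sso_role_name = AdministratorAccess
region = us-east-2

[profile providerprod]
sso_session = example-sso
sso_account_id = 123456789022

[sso-session example-sso]
sso_start_url = https://example.awsapps.com/start#/
sso_region = us-east-1
"""

if __name__ == "__main__":
    print(*audit_sso_profiles(SAMPLE), sep="\n")
```
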

Summary

AWS SSO is a great service for providing temporary credentials to known identities in your organization. The new command aws sso login will help you and your engineers get credentials quickly, easily, and securely!

Top comments (1)

Darryl Ruggles
So simple but so useful! Thanks!