...

  1. Set up the SSO session:
    aws configure sso-session
  2. Enter the required details:
    • SSO session name: your-memorable-sso-name (choose a memorable name)
    • SSO start URL: https://d-9067c5bbc5.awsapps.com/start/#
    • SSO region: us-east-1 
    • SSO registration scopes: sso:account:access

...

Provide the following information:

  • SSO session name: your-memorable-sso-name (same as above)
  • SSO account ID: The 12-digit AWS account ID
  • SSO role name: The role name you want to assume (e.g., Project-Admin, Project-Power-User, Project-Read-Only)
  • CLI default client Region: us-east-1 (or your preferred region)
  • CLI default output format: json
  • Profile name [default_provided]: (choose a memorable name)

Manual Configuration (Alternative)

You can manually edit ~/.aws/config:

[sso-session your-memorable-sso-name]
sso_region = us-east-1
sso_start_url = https://d-9067c5bbc5.awsapps.com/start/#

[profile your-memorable-profile-name-1]
sso_session = your-memorable-sso-name
sso_account_id = your-AWS-account's-numeric-account-ID
# e.g. Project-Power-User
sso_role_name = your-role
region = us-east-1
output = json

[profile your-memorable-profile-name-2]
sso_session = your-memorable-sso-name
sso_account_id = your-other-AWS-account's-numeric-account-ID
# e.g. Project-Read-Only
sso_role_name = your-role
region = us-east-1
output = json
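
Added example (not part of the original page): a small Python check for a ~/.aws/config laid out as above. It reports profiles whose sso_session does not match any [sso-session] block, whose sso_account_id is not 12 digits, that lack sso_role_name, or that carry a static secret key, and it reports a repeated section name. The function name lint_sso_config, the SAMPLE text and its profile names are hypothetical, and the check assumes every profile in the file is meant to be an SSO profile.

```python
import configparser
import re

# Constructed sample in the layout shown above; all names and IDs are placeholders.
SAMPLE = """\
[sso-session example-sso]
sso_region = us-east-1
sso_start_url = https://example.awsapps.com/start/#

[profile good]
sso_session = example-sso
sso_account_id = 111122223333
sso_role_name = Project-Read-Only

[profile bad]
sso_session = exmaple-sso
sso_account_id = your-account-ID
aws_secret_access_key = constructed-not-a-real-key
"""

def lint_sso_config(text):
    """Return a list of (name, problem) pairs found in AWS config text."""
    cfg = configparser.RawConfigParser()
    try:
        cfg.read_string(text)
    except configparser.DuplicateSectionError as exc:
        return [(exc.section, "section defined more than once")]
    sessions = {s.split(None, 1)[1] for s in cfg.sections()
                if s.startswith("sso-session ")}
    problems = []
    for section in cfg.sections():
        if not section.startswith("profile "):
            continue
        name, opts = section.split(None, 1)[1], cfg[section]
        if opts.get("sso_session") not in sessions:
            problems.append((name, "sso_session matches no [sso-session] block"))
        if not re.fullmatch(r"\d{12}", opts.get("sso_account_id", "")):
            problems.append((name, "sso_account_id is not a 12-digit account ID"))
        if not opts.get("sso_role_name"):
            problems.append((name, "sso_role_name is missing"))
        if "aws_secret_access_key" in opts:
            problems.append((name, "static secret key stored in the profile"))
    return problems

if __name__ == "__main__":
    for name, problem in lint_sso_config(SAMPLE):
        print(f"{name}: {problem}")
```

To check a real file, pass its contents, for example lint_sso_config(open(os.path.expanduser("~/.aws/config")).read()) after importing os.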

...

  1. Sign in to SSO:
    aws sso login --profile your-profile-name

    This will open your browser for authentication (same process as portal login).
  2. Run AWS CLI commands:

     aws sts get-caller-identity --profile your-profile-name

     If you do not want to specify --profile your-profile-name for every command:

     export AWS_PROFILE=your-profile-name


Sign out when finished:

aws sso logout

...

  1. Log into the AWS Access Portal using the steps above
  2. Select your desired AWS account and role
  3. In the account/role view, click "Command line or programmatic access"
  4. Choose your preferred option:
    • Option 1: Copy and paste the temporary credentials as environment variables
    • Option 2: Add the temporary credentials to your ~/.aws/credentials file
    • Option 3: Use the provided aws configure commands

...

  1. account 
  2. Select 'Access keys' next to the role you want to use to access the AWS account
  3. Follow the instructions provided for the access key approach you want to use