aws-sso-login
is a lightweight wrapper that relies on aws-cli
's built-in aws sso login
.
It adds an extra steps that set the short-lived credentials directly in your ~/.aws/credentials
file.
That allow backward-compatibility with 3rd party tools that are not supporting yet the new credentials format.
When using an AWS SSO
, users can retrieve short-lived access keys:
- from the User Portal (ie:
https://xxx.awsapps.com/start
) - or using the
aws sso login
command
When using the aws sso login
option, the short-lived credentials are stored in ~/.aws/cli/cache
.
Historically, credentials were rather stored in ~/.aws/credentials
.
Some 3rd party tools are still not supporting credentials from ~/.aws/cli/cache
.
aws-cli
v2jq
- copy the
aws-sso-login
in your$PATH
- make it executable
INSTALL_DIR=/usr/local/bin
sudo wget -O "${INSTALL_DIR}/aws-sso-login" https://raw.githubusercontent.com/stang/aws-sso-login/master/aws-sso-login
sudo chmod +x "${INSTALL_DIR}/aws-sso-login"
- configure aws sso
- use
aws-sso-login [--profile profile]
instead ofaws sso login
aws-sso-login
will use the AWS profile set as following (first match takes precedences):
- passed via the
--profile
arg AWS_PROFILE
environment variableAWS_SSO_DEFAULT_PROFILE
environment variable- use
default
- We're sacrifying the
~/.aws/cli/cache
mechanism (see details)