aws-sso-login is a lightweight wrapper that relies on aws-cli's built-in aws sso login.
It adds an extra steps that set the short-lived credentials directly in your ~/.aws/credentials file.
That allow backward-compatibility with 3rd party tools that are not supporting yet the new credentials format.
When using an AWS SSO, users can retrieve short-lived access keys:
- from the User Portal (ie:
https://xxx.awsapps.com/start) - or using the
aws sso logincommand
When using the aws sso login option, the short-lived credentials are stored in ~/.aws/cli/cache.
Historically, credentials were rather stored in ~/.aws/credentials.
Some 3rd party tools are still not supporting credentials from ~/.aws/cli/cache.
aws-cliv2jq
- copy the
aws-sso-loginin your$PATH - make it executable
INSTALL_DIR=/usr/local/bin
sudo wget -O "${INSTALL_DIR}/aws-sso-login" https://raw.githubusercontent.com/stang/aws-sso-login/master/aws-sso-login
sudo chmod +x "${INSTALL_DIR}/aws-sso-login"
- configure aws sso
- use
aws-sso-login [--profile profile]instead ofaws sso login
aws-sso-login will use the AWS profile set as following (first match takes precedences):
- passed via the
--profilearg AWS_PROFILEenvironment variableAWS_SSO_DEFAULT_PROFILEenvironment variable- use
default
- We're sacrifying the
~/.aws/cli/cachemechanism (see details)