Friday, November 14, 2025

AWS CLI SSO

 

To log in to AWS CLI using SSO (IAM Identity Center), follow these steps:
  • Configure your AWS CLI profile for SSO:
This step sets up the necessary configuration in your AWS CLI profile to use IAM Identity Center for authentication. You will need your SSO Start URL and SSO Region.
Code
    aws configure sso
The command will interactively prompt you for:
  • SSO Start URL: The URL for your organization's AWS access portal.
  • SSO Region: The AWS Region where your IAM Identity Center instance is located.
  • AWS Account ID: The AWS account you want to access.
  • Role Name: The IAM role (permission set) you want to assume within that account.
  • Default output format: (e.g., json, text, table)
  • Default region: The AWS Region where your commands will be sent by default.
  • Profile name: A name for this SSO profile (e.g., my-sso-profile).
To use the profile, pass its name with --profile (aeropay in this example):
    aws sts get-caller-identity --profile aeropay

  • Log in to IAM Identity Center:
After configuring the profile, you need to initiate the login process to obtain temporary credentials.
Code
    aws sso login --profile <your-profile-name>
    export AWS_PROFILE=company-profile

Replace <your-profile-name> with the name you provided in the aws configure sso step. This command typically opens your default web browser to the IAM Identity Center login page, where you authenticate using your organization's credentials. Once authenticated, the AWS CLI retrieves and caches temporary credentials. Exporting AWS_PROFILE makes that profile the default for the current shell, so later commands can omit --profile.
Note: If you prefer not to open a browser, you can use the --no-browser or --use-device-code options with aws sso login.
  • Use the configured profile:
After a successful login, you can use the configured profile to execute AWS CLI commands.
Code
    aws s3 ls --profile <your-profile-name>
This command would list your S3 buckets using the credentials obtained through your SSO session.
Important Considerations:
  • AWS CLI Version:
    Ensure you are using AWS CLI version 2, as SSO integration is primarily supported in this version.
  • Session Management:
    SSO sessions have a limited duration. When your session expires, you will need to run aws sso login again to refresh your credentials.
  • Logout:
    To explicitly log out and remove cached credentials, use aws sso logout --profile <your-profile-name>
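
The version check, session check, login and profile export described above can be combined in one shell helper. This is an added example, not part of the original post; the function names are hypothetical, and it assumes the profile was already created with aws configure sso.

```shell
# Added example (POSIX sh): make sure an IAM Identity Center (SSO) session is
# live before running AWS CLI commands. Function names are hypothetical.

# Return 0 if the installed AWS CLI reports major version 2.
aws_cli_is_v2() {
  # `aws --version` prints a line starting with "aws-cli/<version>".
  case "$(aws --version 2>&1)" in
    aws-cli/2.*) return 0 ;;
    *)           return 1 ;;
  esac
}

# Return 0 if the profile's cached credentials are still accepted by STS.
sso_session_valid() {
  aws sts get-caller-identity --profile "$1" >/dev/null 2>&1
}

# Usage: ensure_sso_session <profile-name>
# Return codes: 0 session ready, 2 bad usage, 3 CLI is not v2, 4 login failed.
ensure_sso_session() {
  _sso_profile="${1:-}"
  if [ -z "$_sso_profile" ]; then
    echo "usage: ensure_sso_session <profile-name>" >&2
    return 2
  fi
  if ! aws_cli_is_v2; then
    echo "AWS CLI version 2 is required for 'aws sso login'" >&2
    return 3
  fi
  if ! sso_session_valid "$_sso_profile"; then
    echo "No valid SSO session for '$_sso_profile'; starting login..." >&2
    aws sso login --profile "$_sso_profile" || return 4
    # Re-check: login yields an SSO token, but the account and role named in
    # the profile must still be usable with it.
    sso_session_valid "$_sso_profile" || return 4
  fi
  # Make the profile the default for the rest of this shell session.
  export AWS_PROFILE="$_sso_profile"
}
```

Source the file in your shell and call ensure_sso_session <your-profile-name> at the top of a script; it only triggers a new login when the cached session is no longer accepted.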
