Here’s a quick example configuration. I’m assuming you already have the AWS CLI packages installed. If you need to use SSO to log in to your AWS Organisation/Account, you can use the following example.
AWS CLI Configuration File
The AWS configuration file should be located at ~/.aws/config, with contents such as:
[sso-session mysso]
sso_start_url = https://d-12345678.awsapps.com/start#
sso_region = eu-west-2
sso_role_name = AWSAdministratorAccess
sso_registration_scopes = sso:account:access
[profile myawsaccount1]
sso_session = mysso
sso_account_id = 12345678901
sso_role_name = AWSAdministratorAccess
region = eu-west-2
So let’s examine this file. The “sso-session” section is the SSO session for your AWS Organisation; your SSO Start URL will differ, as will your region and the access required, so adjust accordingly. You then have a “profile” for each of your AWS accounts. In my example I just have one, but you may want one for each of the AWS accounts that you want to log in to. Obviously each must have a unique profile name (normally just using the AWS account name is sensible) and the Account ID.
Now you’re ready to log in.
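Once you have several profiles, the easy mistakes are a profile whose sso_session does not match any [sso-session] name, a mistyped account ID (AWS account IDs are 12 digits), and a reused profile name. The following check is an added example, not part of the original post or of the AWS CLI; the function name and the sample accounts are made up for illustration.

```python
import configparser
import re

# Constructed sample: the second profile has two deliberate mistakes.
SAMPLE = """\
[sso-session mysso]
sso_start_url = https://d-12345678.awsapps.com/start#
sso_region = eu-west-2
sso_registration_scopes = sso:account:access
[profile myawsaccount1]
sso_session = mysso
sso_account_id = 111111111111
sso_role_name = AWSAdministratorAccess
region = eu-west-2
[profile myawsaccount2]
sso_session = myssso
sso_account_id = 22222222222
sso_role_name = AWSAdministratorAccess
region = eu-west-2
"""


def check_sso_config(text):
    """Return a list of problems in AWS CLI config text (empty list = OK)."""
    cfg = configparser.ConfigParser(interpolation=None)
    try:
        cfg.read_string(text)  # strict mode rejects repeated section names
    except configparser.DuplicateSectionError as exc:
        return [f"duplicate section [{exc.section}]"]
    # Names declared as "[sso-session NAME]"
    sessions = {s.partition(" ")[2].strip()
                for s in cfg.sections() if s.startswith("sso-session ")}
    problems = []
    for section in cfg.sections():
        prof = cfg[section]
        if not section.startswith("profile ") or "sso_session" not in prof:
            continue  # not an SSO profile, nothing to check
        name = section.partition(" ")[2].strip()
        for key in ("sso_account_id", "sso_role_name"):
            if key not in prof:
                problems.append(f"{name}: missing {key}")
        if prof["sso_session"] not in sessions:
            problems.append(f"{name}: sso_session '{prof['sso_session']}' is not defined")
        acct = prof.get("sso_account_id", "")
        if acct and not re.fullmatch(r"\d{12}", acct):
            problems.append(f"{name}: sso_account_id '{acct}' is not 12 digits")
    return problems


if __name__ == "__main__":
    print("\n".join(check_sso_config(SAMPLE)) or "OK")
```

To check your real file, pass the contents of ~/.aws/config to check_sso_config instead of SAMPLE.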
export AWS_PROFILE=myawsaccount1
aws sso login
You’ll then be prompted via your web browser to authenticate via SSO (and MFA, assuming you have it enabled). Your command prompt should then show that you have authenticated successfully.
But what if you are on a workstation with no web browser? Well, see the next section.
AWS SSO with No Browser
It’s really simple; you just run the following:
export AWS_PROFILE=myawsaccount1
aws sso login --no-browser --use-device-code
Now copy the URL shown and paste it into a web browser window (which is already logged on to AWS) on a machine where you do have a web browser.
Note: you must not cancel/CTRL-C the command on your workstation or it won’t work. Once you have authenticated and approved the request in your web browser, the CLI will automatically log you in.