How to Configure AWS SSO CLI Access

AWS Single Sign On (SSO) is where users can connect centrally and access multiple AWS accounts and applications from one place.

AWS SSO makes it easy to centrally manage access to multiple AWS accounts and business applications. It provides users a single sign-on experience to all their assigned accounts and applications from one place.

Prerequisites

• AWS CLI version 2 installed on your machine
• An AWS account with SSO configured
• Your SSO start URL from your administrator

Configure SSO with AWS CLI

To configure AWS SSO with the CLI, run the following command:

aws configure sso

You will be prompted to enter:

1. SSO start URL: The URL provided by your administrator (e.g., https://my-sso-portal.awsapps.com/start)
2. SSO Region: The AWS region where your SSO is configured
3. SSO registration scopes: Press Enter to use the default

A browser window will open for you to authenticate. After successful authentication, you'll be able to select which account and role to use.

Using SSO Profiles

Once configured, you can use the SSO profile with any AWS CLI command:

aws s3 ls --profile my-sso-profile

To log in to your SSO session:

aws sso login --profile my-sso-profile

SSO sessions typically last 8 hours, after which you'll need to log in again.