Take a look at the aws configure sso command for the AWS CLI v2. This command can set up named profiles for IAM roles that you have access to.
So the theme here seems to be: "First, you must switch to AWS SSO," right?
Yes, but you can still use Azure AD as your identity source. Some instructions here: https://docs.aws.amazon.com/singlesignon/latest/userguide/azure-ad-idp.html. If that's not an option for you, there does exist some open source tooling for various IdPs that the community has built to get CLI credentials.
AWS SSO can be used with your IdP of choice. Here is a good lab which describes how to set it up with Azure AD. AWS SSO will manage short term rotation of API Access and Secret key along with a session token.
You may have missed the "ELI5" and "CLI" portions of my question?
I do, of course, use SSO every day for console access. This question, to be painfully clear, is about CLI though.
AWS SSO gives your role both console and CLI access. You can just copy / paste your access, secret, & session keys from the AWS SSO sign-in page. Alternatively, this doc may help you set up the CLI: https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-sso.html
Hello Eli5, an AWS native solution would be for you to enable AWS SSO and integrate it with your Azure AD [https://docs.aws.amazon.com/singlesignon/latest/userguide/azure-ad-idp.html]. Once this is done, you can authenticate to the AWS SSO console (using your Azure AD creds) and then select the Command Line from dashboard and get the temp credentials for CLI access. Without the AWS SSO, you may want to use third-party tools such as: https://blog.migrationking.com/2020/09/how-to-login-to-aws-using-cli-with.html and https://github.com/sportradar/aws-azure-login
Hi, for sure you have to check out the aws configure sso command of the AWS CLI.
My point is that, seeing how AWS manages the sso directory in a plain text file inside the ~/.aws/ folder, as posted here, I prefer to manage these credentials with an open-source tool: Leapp
Btw, with Leapp I can also manage multiple AWS Single-Sign-On access at the same time, and at the same time, it manages Azure credentials too.
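The plain-text SSO cache mentioned in the answer above can be checked directly. The following is an added example, not part of the original post: a Python check that lists cached files holding secrets and flags those that are still valid or readable by other users. The `~/.aws/sso/cache` location and the field names (`accessToken`, `refreshToken`, `clientSecret`, `expiresAt`) are assumptions about the AWS CLI v2 cache layout, and the sample files are constructed.

```python
import json, os, stat
from datetime import datetime, timezone
from pathlib import Path

SECRET_KEYS = ("accessToken", "refreshToken", "clientSecret")  # assumed field names

def parse_expiry(value):
    """Parse expiresAt with a trailing 'Z' or 'UTC'; None if unparseable."""
    try:
        ts = datetime.fromisoformat(value.replace("UTC", "+00:00").replace("Z", "+00:00"))
    except (AttributeError, ValueError):
        return None
    return ts if ts.tzinfo else ts.replace(tzinfo=timezone.utc)

def audit_sso_cache(cache_dir, now=None):
    """List cached files holding secrets: still valid? readable by other users?"""
    now = now or datetime.now(timezone.utc)
    findings = []
    for path in sorted(Path(cache_dir).glob("*.json")):
        try:
            doc = json.loads(path.read_text())
        except (OSError, ValueError):
            continue  # unreadable or not JSON
        held = [k for k in SECRET_KEYS if isinstance(doc, dict) and k in doc]
        if not held:
            continue
        expires = parse_expiry(doc.get("expiresAt"))
        mode = stat.S_IMODE(path.stat().st_mode)
        findings.append({
            "file": path.name,
            "secrets": held,
            "live": expires is None or expires > now,  # unknown expiry counts as live
            "loose_perms": bool(mode & 0o077),  # any group/other permission bit set
        })
    return findings

def build_sample_cache(directory):
    """Write constructed sample files (placeholder values, not real tokens)."""
    samples = {
        "live.json": ({"accessToken": "EXAMPLE", "expiresAt": "2999-01-01T00:00:00Z"}, 0o644),
        "expired.json": ({"accessToken": "EXAMPLE", "expiresAt": "2020-06-17T10:02:08UTC"}, 0o600),
        "other.json": ({"note": "no secrets here"}, 0o644),
    }
    for name, (doc, mode) in samples.items():
        path = Path(directory) / name
        path.write_text(json.dumps(doc))
        os.chmod(path, mode)
```

To check a workstation, call `audit_sso_cache(Path.home() / ".aws" / "sso" / "cache")`; a finding with both `live` and `loose_perms` set is the one to fix first, by tightening the file mode to 0600 or signing out of the SSO session.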
For those confused, "ELI5" means "Explain Like I'm 5". :-)