The AWS CLI supports fetching credentials via SAML with AWS SSO, or directly. If your SAML IdP is configured to do seamless federation with Windows, then the user won't see a prompt for credentials (though they may see a window pop-up while the SAML federation occurs).
The AWS CLI via SAML requires an explicit AssumeRoleWithSAML call, while the AWS CLI with AWS SSO (including using another IdP to federate to it) will automatically manage credentials.
These docs may help:
- How can I use the AWS CLI to make AssumeRole calls and store temporary user credentials?
- Configuring the AWS CLI to use AWS Single Sign-On
Hope this helps.
Hello! For additional information regarding IAM roles with WorkSpaces, this link might be helpful https://docs.aws.amazon.com/workspaces/latest/adminguide/workspaces-access-control.html
windows 1903 on Workspacesasked 18 hours ago
AWS Quicksight Access - via Amazon Active Directory AND IAM Rolesasked 3 months ago
IAM users/roles/groups policies reportsAccepted Answerasked 9 months ago
IAM role for AWS workspaceasked 3 years ago
Identify in-built or default IAM RolesAccepted Answerasked 8 months ago
Using IAM Roles within AWS WorkSpaces (Windows)Accepted Answerasked 9 months ago
IAM roles rightsizingAccepted Answerasked 4 months ago
How to use IAM users, groups and roles with SSOasked 4 months ago
How to authenticate with AWS IAM Roles Anywhere in codeAccepted Answerasked a month ago
What are the key differences between IAM roles and IAM policies?Accepted Answerasked a month ago