Based on what you have written, you are able to successfully set up an external AWS account to be accessed via the SSO setup for your organization. If you have finished the process, setting up the CLI should not be any different.
For example, you can add an IAM Identity Center enabled profile to your AWS CLI by running the following command, providing your IAM Identity Center start URL and the AWS Region that hosts the Identity Center directory.
$ aws configure sso
SSO start URL [None]: https://my-sso-portal.awsapps.com/start
SSO region [None]:us-east-1
The IAM Identity Center browser page prompts you to sign in with your IAM Identity Center credentials. This enables the AWS CLI (through the permissions associated with your IAM Identity Center) to retrieve and display the AWS accounts and roles that you are authorized to use with IAM Identity Center.
This will report the accounts as shown below, which you can pick from to enable access to the account.
There are 2 AWS accounts available to you.
> DeveloperAccount, developer-account-admin@example.com (123456789011)
ExternalAccount, external-account-admin@example.com (123456789022)
https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-sso.html#sso-configure-profile
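A small audit of the profiles that `aws configure sso` writes to `~/.aws/config`, added here as an example and not part of the original answer or of AWS's own code: it checks each profile for the required SSO keys, an unexpected start URL, and leftover static access keys. The profile names, session name and role name are assumptions; the start URL, Region and account IDs are the sample values from the answer.

```python
import configparser

REQUIRED = ("sso_start_url", "sso_region", "sso_account_id", "sso_role_name")

# Constructed sample of ~/.aws/config; profile names, the session name and
# the role name are assumptions, the other values come from the answer above.
SAMPLE_CONFIG = """
[sso-session my-sso]
sso_start_url = https://my-sso-portal.awsapps.com/start
sso_region = us-east-1

[profile developer]
sso_start_url = https://my-sso-portal.awsapps.com/start
sso_region = us-east-1
sso_account_id = 123456789011
sso_role_name = ExampleRole

[profile external]
sso_session = my-sso
sso_account_id = 123456789022

[profile legacy]
aws_access_key_id = EXAMPLE-PLACEHOLDER
"""

def audit_sso_profiles(config_text, expected_start_url):
    """Return {profile_name: [findings]} for every profile in an AWS CLI config."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(config_text)
    report = {}
    for section in cp.sections():
        if section != "default" and not section.startswith("profile "):
            continue  # skips [sso-session ...] and other section types
        name = section.removeprefix("profile ")
        settings = dict(cp[section])
        # Newer CLI versions keep the URL and Region in a shared [sso-session] block.
        session = settings.get("sso_session")
        if session and cp.has_section(f"sso-session {session}"):
            settings = {**cp[f"sso-session {session}"], **settings}
        findings = []
        if "aws_access_key_id" in settings:
            findings.append("static access key configured")
        if any(k.startswith("sso_") for k in settings):
            findings += [f"missing {k}" for k in REQUIRED if k not in settings]
            url = settings.get("sso_start_url")
            if url and url != expected_start_url:
                findings.append(f"unexpected start URL {url}")
        report[name] = findings
    return report
```

To check a real machine, pass the contents of `~/.aws/config` and your organization's start URL instead of the sample.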
The question asks about how to access the CLI when you configure an AWS account as an external application. This answer explains the simple configuration; it's documented everywhere.
https://repost.aws/questions/QUTh6NVlT6Q1qlc55tZcccAw/aws-sso-with-external-account#:~:text=The%20reason%20for,the%20user%20portal.