In regard to your use-case of external accounts, it is an expected behaviour. One can access AWS accounts outside their organization by configuring an application to access the 'External Account' (through IAM federation to the external account AWS console).
Although there are options to configure AWS SSO-authenticated CLI sessions and retrieve programmatic credentials for accounts within the organization, there is no option to programmatically access the 'External Account' provided by the SSO user portal as Applications.
As an alternative, you can utilize the Chrome extension "SAML to AWS STS Keys Conversion" to obtain the temporary credentials via the AWS STS service.
Alternatively, you can use the "assume-role-with-saml" AWS CLI command to obtain the temporary credentials.
Further, the obtained credentials can either be fed to the credentials file or be set as environment variables.
Hope the information shared above was useful. Thank you.
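The last step described in the answer above, as an added example that is not part of the original answer or AWS's own code: it takes the JSON printed by `aws sts assume-role-with-saml`, rejects an already-expired session, and either maps the fields to environment variables or writes them to a credentials-file profile kept at mode 0600. The sample response is constructed, and the profile name `external-saml` is a hypothetical choice.

```python
import configparser
import json
import os
from datetime import datetime, timezone

# Constructed sample of the JSON printed by:
#   aws sts assume-role-with-saml --role-arn <role-arn> \
#       --principal-arn <idp-arn> --saml-assertion <base64-assertion>
# All values are placeholders, not real credentials.
SAMPLE_RESPONSE = json.dumps({
    "Credentials": {
        "AccessKeyId": "ASIAEXAMPLEKEYID0000",
        "SecretAccessKey": "constructed-secret-value",
        "SessionToken": "constructed-session-token",
        "Expiration": "2099-01-01T00:00:00+00:00",
    }
})


def parse_credentials(response_json, now=None):
    """Return the Credentials block, rejecting already-expired sessions."""
    creds = json.loads(response_json)["Credentials"]
    expires = datetime.fromisoformat(creds["Expiration"].replace("Z", "+00:00"))
    if expires <= (now or datetime.now(timezone.utc)):
        raise ValueError("temporary credentials have expired")
    return creds


def as_environment(creds):
    """Map STS fields to the environment variables the AWS CLI/SDKs read."""
    return {
        "AWS_ACCESS_KEY_ID": creds["AccessKeyId"],
        "AWS_SECRET_ACCESS_KEY": creds["SecretAccessKey"],
        "AWS_SESSION_TOKEN": creds["SessionToken"],
    }


def write_profile(creds, path, profile="external-saml"):  # hypothetical name
    """Add or replace one profile in a credentials file, kept at mode 0600."""
    config = configparser.ConfigParser(interpolation=None)
    config.read(path)  # keep any profiles already in the file
    config[profile] = {k.lower(): v for k, v in as_environment(creds).items()}
    # Create with owner-only permissions before any secret is written.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as handle:
        config.write(handle)
    os.chmod(path, 0o600)  # tighten a pre-existing file as well
```

Once written, the profile is selected with `--profile external-saml` or `AWS_PROFILE`; the session token must be stored alongside the key pair, since temporary STS credentials are rejected without it.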
Is this still the case?