Signing into AWS to a different account

Question

I currently have AWS configuration set up with my access key id and secret access key (i.e. I see this when going to 'aws configure' in the CLI). I then login through my company's OKTA to then access the AWS UI.

I've just been given access to a new AWS account (lets call it X) that I've been given access to AWS Single Sign-on (SSO) in OKTA for this new account.

What are the steps I need to take in order to access this new account (X)?

Also, I was told that when using SSO  it'll give me the option to go to the Management Console or Programatic Access - the Programatic Access will show you iam access key and secret to use, but I still see the previously used account not account (X).

Answer

With the AWS SSO you have a page https://d-xxxxxxx.awsapps.com/start#/

With this page you can configure the SSO login for the cli: [https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-sso.html]()

After you have configured it, run: `aws sso login --profile generated-profile-name` to login. This will open a browser window and redirect you to okta to authenticate.

Answer

You can have multiple profiles in the credentials/config files. If you want to store the additional keys do something like this:

```
aws configure --profile accountx
```
Then to use these credentials use the --profile in the command, like:

```
aws ec2 describe-instances --profile accountx
```

See: [Named profiles for the AWS CLI](https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-profiles.html).

Signing into AWS to a different account

Relevant content