Login to AWS with SSO instead of Credentials File

Setup AWS IAM

Follow the steps described in: https://docs.aws.amazon.com/singlesignon/latest/userguide/what-is.html

Create an IAM user

After completing the steps described in the documentation above, you should have

  • An IAM user
  • An SSO role assigned to that user
  • A Start URL for your SSO Login page

On your local machine, “~/.aws/config” should contain a section that looks like this:

[profile <profile-name>]
sso_session = <username>
sso_account_id = <some-id>
sso_role_name = <selected role, e.g. Administrator Access>
region = <region>
[sso-session <username>]
sso_start_url = https://<someotherid>.awsapps.com/start
sso_region = <region>
sso_registration_scopes = arn:aws:sso:::instance/<just-an-additional-id>

Multiple users for different use cases can be added here as well.

Login with CLI or Python SDK

To log in, you can now refer to that profile:

aws sso login --profile <profile-name>

Within the Python SDK, you can now open a session like this:
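A profile only works if its sso_session value matches the name of an [sso-session ...] section, which gets easy to miss once several profiles are added. The following check is an added example, not part of the original post: it parses the config text, reports broken links and missing keys, and flags profiles that still carry static access keys. The sample config and the function name audit_sso_config are constructed for illustration.

```python
import configparser

PROFILE_KEYS = ("sso_session", "sso_account_id", "sso_role_name")
SESSION_KEYS = ("sso_start_url", "sso_region")
STATIC_KEYS = ("aws_access_key_id", "aws_secret_access_key")

# Constructed sample, not taken from a real account.
SAMPLE = """\
[profile dev]
sso_session = alice
sso_account_id = 111122223333
sso_role_name = ReadOnly
[profile ops]
sso_session = alice-admin
sso_account_id = 111122223333
sso_role_name = AdministratorAccess
[profile legacy]
aws_access_key_id = EXAMPLE-NOT-A-REAL-KEY
[sso-session alice]
sso_start_url = https://example.awsapps.com/start
sso_region = eu-central-1
"""

def audit_sso_config(text):
    """Return (section, problem) pairs for the text of an ~/.aws/config file."""
    cfg = configparser.RawConfigParser(delimiters=("=",))
    cfg.read_string(text)
    prefix = "sso-session "
    sessions = {s[len(prefix):].strip() for s in cfg.sections() if s.startswith(prefix)}
    findings = []
    for section in cfg.sections():
        opts = dict(cfg.items(section))
        if section.startswith(prefix):
            missing = [k for k in SESSION_KEYS if k not in opts]
        elif section == "default" or section.startswith("profile "):
            for key in STATIC_KEYS:
                if key in opts:  # long-lived key still configured
                    findings.append((section, f"static credential {key}"))
            if "sso_session" not in opts:
                continue  # not an SSO profile, nothing more to check
            missing = [k for k in PROFILE_KEYS if k not in opts]
            if opts["sso_session"] not in sessions:
                findings.append((section, f"undefined sso-session {opts['sso_session']}"))
        else:
            continue
        findings.extend((section, f"missing {k}") for k in missing)
    return findings

if __name__ == "__main__":
    for section, problem in audit_sso_config(SAMPLE):
        print(f"[{section}] {problem}")
```
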

import boto3

# Use the SSO profile from ~/.aws/config for all default clients.
boto3.setup_default_session(profile_name="profile-name")
client = boto3.client("what-ever-service-you-want")

When you run the aws sso login command, a browser window will pop up; follow the instructions to finalize the login and receive a short-term token.

No further hassle with local credential files!

That’s it!