The AWS Command Line Interface tool from Amazon (for macOS available on Homebrew) makes it possible to log in to AWS through an SSO (Single Sign-On) identity provider such as Okta. However, if you log in via "aws sso login", the AWS credentials file (located at ~/.aws/credentials) is not updated, which is a problem for tools/libraries that rely on that file.
This script is a wrapper around aws sso login that also updates the .aws/credentials file. It only requires AWS CLI and Python 3 to run.
Make sure your .aws/config file has a section (or multiple sections) with SSO configuration options.
For example:
[production]
sso_start_url =
sso_region =
sso_account_id =
sso_role_name =
region =
[development]
sso_start_url =
sso_region =
sso_account_id =
sso_role_name =
region =
Save the script file and give it execute permissions (chmod 755 aws-sso-login).
Then run it without arguments to get a list of configured SSO profiles:
$ ./aws-sso-login
$ Available profiles: ['production', 'development']
To log in to a profile, run it with the name of that profile as the single argument:
$ ./aws-sso-login production
If there's no active session you will be redirected to a browser to complete the login.
After a successful login the .aws/credentials file is updated.
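The two file operations described above (finding the SSO sections in the config and writing temporary credentials into the credentials file) can be sketched as follows. This is an added example, not the script's own code: the function names and sample values are constructed, and the input is assumed to have the shape of the roleCredentials object returned by "aws sso get-role-credentials".

```python
import configparser
import os
import tempfile

SSO_KEYS = {"sso_start_url", "sso_region", "sso_account_id", "sso_role_name"}

# Constructed sample config; every value is a placeholder.
SAMPLE_CONFIG = """\
[production]
sso_start_url = https://example.invalid/start
sso_region = us-east-1
sso_account_id = 000000000000
sso_role_name = ExampleRole
region = us-east-1
[legacy]
region = us-east-1
"""

def sso_profiles(config_text):
    """Return the sections that carry all four sso_* options."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(config_text)
    return [s for s in cp.sections() if SSO_KEYS <= set(cp[s])]

def write_credentials(path, profile, role_creds):
    """Set one profile in the credentials file, keeping the others.

    role_creds is assumed to be a dict shaped like roleCredentials
    (accessKeyId, secretAccessKey, sessionToken).
    """
    cp = configparser.ConfigParser(interpolation=None)
    cp.read(path)  # a missing file simply yields an empty parser
    cp[profile] = {
        "aws_access_key_id": role_creds["accessKeyId"],
        "aws_secret_access_key": role_creds["secretAccessKey"],
        "aws_session_token": role_creds["sessionToken"],
    }
    # mkstemp creates the file with mode 0600, so the session token is
    # never readable by other local users; os.replace swaps it in
    # atomically so a reader never sees a half-written file.
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(path)))
    try:
        with os.fdopen(fd, "w") as fh:
            cp.write(fh)
        os.replace(tmp, path)
    except BaseException:
        os.unlink(tmp)
        raise
```

Rewriting the file through configparser drops any comments it contained, and the result ends up with mode 0600 even if the previous file was more permissive.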