The bit that is missing here is how to tie the files in the ~/.aws/sso/cache to the profiles that were authenticated.
I cleared out the cache folder and once I authenticate it creates two files for the profile in that folder. One appears to have a clientId and clientSecret, while the other also includes the startUrl, region, etc - they both have the same clientId, so probably will work for the command mentioned.
After some testing, it appears that the first file gets created on login, the other gets updated/recreated each time a new login request is done.
The second file is the only one with the accessToken in it (the file name is different than in this article for me:
Robs-Mac-Studio:cache robweaver$ ls -la
total 16
drwxr-xr-x 4 robweaver staff 128 Dec 31 10:13 .
drwxr-xr-x 3 robweaver staff 96 Jan 16 2023 ..
-rw------- 1 robweaver staff 1591 Dec 31 10:13 0985762d83913a2168995f8d4708edd8576ac6fa.json
-rw------- 1 robweaver staff 1966 Dec 31 10:13 b457e1ad9779b6f14b1438fe4d9fb53c97acd78d.json
Thank you for your comment. We'll review and update the Knowledge Center article as needed.
All you need is:
aws configure export-credentials --profile profile-name
If you want them as environment variables and make them available in your terminal:
eval "$(aws configure export-credentials --profile profile-name --format env)"
Relevant content
- Accepted Answerasked 4 months ago
- Accepted Answerasked 10 months ago
- asked a year ago
- AWS OFFICIALUpdated 3 months ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 2 years ago