- Newest
- Most votes
- Most comments
Hello,
Your expectations are correct: once you configure AWS CLI v2 for Single Sign On (SSO), you should only need to run 'aws sso login'. That's because the previous step, 'aws configure sso', should've persisted the SSO configuration on user's ~/.aws/config by defining profile-specific sso_* parameters [1].
After you get authenticated on CLI, you are prompted to select the Account and also the Role (Permission Sets) you want to assume in the selected account. Once these selections are done, you will be prompted to create a profile with those details which are similar to the one below and then choose a name for the profile or select the default one.
[profile My-Acct-1] sso_start_url = https://ALIAS.awsapps.com/start/#/ sso_region = us-east-1 sso_account_id = 555555555555 sso_role_name = AWSPowerUserAccess region = us-east-1 output = json
Please ensure that the value for "sso_account_id" under the profile in the AWS config file is correctly populated.
To understand whats going on, we require details that are non-public information. Please open a support case with AWS using the following link: https://console.aws.amazon.com/support/home#/case/create
References
[1] https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-sso.html
Relevant content
- asked 2 years ago
- asked 2 years ago
- asked 2 years ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated 4 months ago
- AWS OFFICIALUpdated a year ago