How to invalidate the sso access token after log in (logout from AWS)?

Question

Hi, 
I have a C# .net core application (Target framework - .NET 6.0) written based on the instructions given in the tutorials below ,
 I am using **AWS IAM Identity Center** (SSO authentication  - SSOAWSCredentials) to authenticate to AWS, I could successfully log in but I couldn't find a way to clear/invalidate the token (in another words, logout from AWS) I noticed a session token is stored in the local file system in ({UserProfile}\.aws\sso\cache) and if I delete that manually then I need to authenticate again - but is there a way to officially invalidate the token?

Single sign-on (SSO) with the AWS SDK for .NET -  https://docs.aws.amazon.com/sdk-for-net/v3/developer-guide/sso.html

Accepted Answer

This is how you do logout 
https://docs.aws.amazon.com/singlesignon/latest/PortalAPIReference/API_Logout.html

As the note says you can not logout from assumed roles. If you must terminate assumed role sessions before they expire, the way to do this is to edit attached policy and force everyone to reauthenticate. I don't think this is what you want to do but I wanted to add the reference for completenes.

https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_revoke-sessions.html

How to invalidate the sso access token after log in (logout from AWS)?

相關內容