- 最新
- 最多得票
- 最多評論
In regard to your use-case of external accounts, it is an expected behaviour. One can access AWS accounts outside their organization by configuring an application to access the 'External Account' (through IAM federation to the external account AWS console).
Although there are options to configure AWS SSO-authenticated CLI sessions and retrieve programmatic credentials for accounts within the organization, there is no option to programmatically access the 'External Account' provided by the SSO user portal as Applications.
As an alternative, you can either utilize the Chrome extension "SAML to AWS STS Keys Conversion" to obtain the temporary credentials via AWS STS service.
Alternatively, you can use "assume-role-with-saml" AWS CLI command to obtain the temporary credentials.
Further, obtained credentials can either be fed to the credentials file or could be set as environment variables.
Hope above shared information was useful. Thank you.
相關內容
- 已提問 7 個月前
- AWS 官方已更新 1 年前