Introduction:
AWS SSO CLI is a powerful tool that can be used to automate your AWS management tasks. It uses single sign-on to authenticate users, which can help to improve security by reducing the number of passwords that users need to remember. AWS SSO CLI can also be used to manage multiple AWS accounts, which can help you to scale your AWS environment as needed.
As businesses continue to embrace cloud computing, the management of access to various resources becomes increasingly complex. Amazon Web Services (AWS) has introduced AWS Single Sign-On (SSO) to address this challenge. AWS SSO offers a unified way to manage access to multiple AWS accounts and business applications using a single set of credentials. In this guide, we'll delve into using the AWS SSO Command Line Interface (CLI) to streamline access management and boost operational efficiency.
In this blog post, we will show you how to use AWS SSO CLI to automate your AWS management tasks. We will cover the following topics:
- What is AWS SSO?
- How to configure AWS SSO CLI
- How to use AWS SSO CLI to automate your AWS management tasks
- Examples of AWS SSO CLI commands
AWS SSO
AWS SSO (aka AWS IAM Identity Center) is a service that simplifies the management of access to AWS accounts and applications. It allows users to sign in to multiple AWS accounts and third-party applications using a single set of credentials. However, many of the interactions with AWS SSO were typically done through the AWS Management Console or programmatically using the AWS SSO API.
Prerequisite
If you haven't already, install the AWS Command Line Interface (AWS CLI) on your local machine.
pip install awscli
You should have setup the AWS SSO for your AWS Account and you can login from browser using the URL: https:<org-name>.awsapps.com/start#/
Setting up AWS Credentials (The Boring Way)
- Goto your SSO page where you will see all the account you have access to under AWS Account.
- Select the account you want. You will see the Permission Sets you have access to. You will see two ways to access it.
- Management console
- Command line or programmatic access
- Select Command line or programmatic access and you will be able to get the temporary Access Key, Secret Key and Session Token. Select the necessary terminal of your choice and click Option 1 window to copy the values.
- Open your terminal and paste the values provided. Once that is set, you can check the validity of the keys using
aws sts get-caller-identity
Output:
{
"UserId": "<identity>:<user.name>",
"Account": "<account-id>",
"Arn": "arn:aws:sts::<account-id>:assumed-role/AWSReservedSSO_AWSAdministratorAccess_hash/<user.name>"
}
With the temporary credentials set as environment variables, you can now use the AWS CLI or SDKs to interact with AWS services using the permissions granted by the assumed role.
However, when the credentials expire, you will need to set the environment variables again.
Configuring AWS SSO CLI (The Best Way)
-
Configure AWS SSO: Use the following command to configure AWS SSO with your organization's credentials:
aws configure sso --profile <profile_name>Fill in all the details for setting up this profile including the SSO page link. Doing so will generate a verification link, and you can open it up in a browser to authenticate and allow the terminal to use the AWS CLI for Authentication.
-
Logging In: To initiate a login session, use the following command:
aws sso login --profile <profile_name>
Conclusion
The AWS SSO CLI offers a powerful way to manage access to AWS resources and third-party applications while enhancing security and operational efficiency. By automating tasks, configuring permissions, and integrating with your existing workflows, you can simplify access management across your organization. Embrace the AWS SSO CLI to streamline your cloud operations and focus on innovation rather than access management complexities.
Top comments (0)