TL;DR: An AWS CLI alias was failing with "No credentials found" because the shell command was not explicitly pointing to the specific named profile configured for SSO. I fixed this by appending --profile to the command execution within the Zsh alias.
I set up a new Zsh alias to automate my AWS SSO login process and update my local ~/.aws/credentials file. The configuration in my ~/ .aws/config looked correct:
[profile 123456789012_AWSEngineerAccessRole]
sso_start_url = https://your-org.awsapps.com/start
sso_region = eu-west-2
sso_account_id = 123456789012
sso_role_name = AWSEngineerAccessRole
region = eu-west-2
However, when running my custom login alias, the CLI returned this error:
error: No credentials found in the configured profile.
The issue was that aws sso login does not automatically assume you want to use a specific named profile if it isn't the [default] profile. If your configuration uses a custom profile name like 123456789012_AWSEngineerAccessRole, running a bare aws sso login command causes the CLI to look for credentials under the [default] block. Since that block was empty or missing the SSO metadata, it failed immediately.
To fix this, I updated my .zshrc alias to explicitly reference the profile name using the --profile flag:
# Before (Failing)
alias awslogin="aws sso login"
# After (Working)
alias awslogin="aws sso login --profile 123456789012_AWSEngineerAccessRole"
By adding --profile, the AWS CLI knows exactly which block in ~/.aws/config to parse for the sso_start_url and sso_account_id. Now, running awslogin triggers the browser authentication flow and correctly maps the session tokens to that specific profile.
Top comments (0)