The SSO command requires AWS CLI version 2, which is not available through package managers like pip. We'll use a disposable Docker container for the AWS CLI to minimize the impact on your system files, especially if you have AWS CLI version 1 installed and haven't migrated to version 2 yet.
- Make sure your Python is a recent version, e.g. later than 3.7
- Create a virtual environment, activate it, and install the dependencies in `requirements.txt`
- You need Docker running. If you don't have Docker yet and you're on macOS, install it with `brew cask install docker`.
- Activate the virtual environment
- Prepare a config file at `~/.aws/config` and copy and paste the following contents into it. If you already have this file, you can just add the `[profile test]` section. Remember to replace the account ID with the correct SSO account ID value (e.g. the `clingen-aws-nonprod`'s ID, all digits).
  ```
  [default]
  output = json
  region = us-west-2
  [profile test]
  sso_start_url = https://clingen.awsapps.com/start
  sso_region = us-west-2
  # Replace with your account ID; find this in the SSO portal
  sso_account_id = 123123123123
  sso_role_name = AWSAdministratorAccess
  ```
- Run `python aws-refresh-credentials test`:
  ```
  $ python aws-refresh-credentials test
  Getting credentials for profile test (arn:aws:iam::***:role/AWSAdministratorAccess)
  Saved credentials for profile test
  ```
- In case you get stuck in Step 4 and the terminal stops at `Getting credentials for profile test (arn:aws:iam::123123123123:role/AWSAdministratorAccess)`, you can abort the process and run the following command instead: `docker run --rm -it -v ~/.aws:/root/.aws amazon/aws-cli sso --profile test login`. After you complete the browser verification process (you'll be instructed by the prompts in the terminal), you can retry Step 4.
- Check `~/.aws/credentials`; you should now see that the `test` profile's credentials are updated.
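
A pre-flight check for the two files this procedure touches, as an added example that is not part of the project's own code: it validates the `[profile test]` section of `~/.aws/config` before the refresh and the `[test]` section of `~/.aws/credentials` afterwards. The function names are hypothetical, the sample input is constructed, and the three credential keys are an assumption about what the refresh script writes (they are the standard keys for temporary credentials).

```python
import configparser
import re

SSO_KEYS = ("sso_start_url", "sso_region", "sso_account_id", "sso_role_name")
# Assumption: the refreshed profile carries the standard temporary-credential keys.
CRED_KEYS = ("aws_access_key_id", "aws_secret_access_key", "aws_session_token")

def _section(text, name):
    # interpolation=None because secret values may contain '%'.
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(text)
    return parser[name] if parser.has_section(name) else None

def _missing(section, keys):
    return [f"missing key {k}" for k in keys if not section.get(k, "").strip()]

def check_sso_profile(config_text, profile="test"):
    """Problems with [profile NAME] in the text of ~/.aws/config."""
    section = _section(config_text, f"profile {profile}")
    if section is None:
        return [f"missing section [profile {profile}]"]
    problems = _missing(section, SSO_KEYS)
    account = section.get("sso_account_id", "")
    if account and not re.fullmatch(r"\d{12}", account):
        problems.append(f"sso_account_id is not 12 digits: {account!r}")
    url = section.get("sso_start_url", "")
    if url and not url.startswith("https://"):
        problems.append("sso_start_url is not https")
    return problems

def check_credentials(credentials_text, profile="test"):
    """Problems with [NAME] in ~/.aws/credentials (bare name, no 'profile')."""
    section = _section(credentials_text, profile)
    if section is None:
        return [f"missing section [{profile}]"]
    return _missing(section, CRED_KEYS)

# Constructed sample: the config from this page with an inline annotation left in.
SAMPLE_CONFIG = """[default]
output = json
region = us-west-2
[profile test]
sso_start_url = https://clingen.awsapps.com/start
sso_region = us-west-2
sso_account_id = 123123123123 <-- find this in the SSO portal
sso_role_name = AWSAdministratorAccess
"""

if __name__ == "__main__":
    print(check_sso_profile(SAMPLE_CONFIG))
```

To check your real files, pass `open(os.path.expanduser("~/.aws/config")).read()` (and the same for `~/.aws/credentials`) instead of the sample text.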