- Use session token from SSO login across shell sessions
- Use SSO Login within IntelliJ with the aws-toolkit plugin
- AWS Account with SSO enabled
- aws cli v2
run this command to create a sso profile, which is added to $HOME/.aws/config, allowing to set the profile name
aws configure sso
Hint: sso_start_url = https://d-${ACCOUNT_ID}.awsapps.com/start#/
this example uses $HOME/.aws for storing the script from this repository
example creation with pbcopy: (use cp, ln -s, or whatever you prefer)
copy the contents of the setDefaultCredentialsFromSsoToken to your clipboard and run
touch $HOME/.aws/setDefaultCredentialsFromSsoToken
pbpaste > $HOME/.aws/setDefaultCredentialsFromSsoToken
chmod +x $HOME/.aws/setDefaultCredentialsFromSsoToken
add a line like the following to $HOME/.zsh_aliases
replace the profile name; if necessary also replace the script name & location
alias awssso="AWS_PROFILE=my-fancy-sso-profile zsh -c '$HOME/.aws/setDefaultCredentialsFromSsoToken'"
For fetching and persisting credentials for your sso account run your alias, e.g.
awssso
The invoked script will:
- run
aws sso login, opening a browser window with your sso_start_url so you can login with your sso providers credentials. - run
aws sso get-role-credentialswith the returned session tokens - write a new
$HOME/.aws/credentialswith the derived temporary credentials, backing up the old file (with patterncredentials-${epoch_timestamp})
Link to the setup: https://docs.aws.amazon.com/toolkit-for-jetbrains/latest/userguide/setup-toolkit.html
The IntelliJ Plugin sadly does not work yet with SSO Logins, but this script sets credentials to the default profile, which can be used easily in IntelliJ to provide Credentials for the DefaultAWSCredentialsProviderChain