Configuring AWS SSO 🔐
In this section, we'll guide you through configuring AWS Single Sign-On (SSO) so you can securely access your AWS accounts using the AWS CLI with your SSO credentials.
In simple terms, with the User account we created earlier (i.e., jimmy.carter), we can access both the Production and Staging accounts because the account was granted AdministratorAccess.
1. Configure SSO for Production.
Run the following command to start the SSO configuration process:
aws configure sso
You'll be prompted to provide information about your AWS SSO configuration.
- SSO session name (Recommended): Enter the session name for prod. i.e. awslaunchgoat-prod
- SSO start URL: Enter the URL for your AWS SSO user portal. This can be found in the IAM Identity Center. It should look something like https://d-XXXXXXXXXX.awsapps.com/start. Copy and paste it.
- SSO region: Enter the AWS region where your AWS SSO is configured. i.e. us-east-1
- SSO registration scopes: Hit enter and skip.
- The AWS CLI will launch your default web browser for authorization. Click Confirm and continue.
- Sign in to your User account. i.e. jimmy.carter
- Allow access to Applications and AWS accounts.
- Close the window and go back to the terminal.
- Select Production in the prompt and hit enter.
- CLI default client Region [None]: Enter your region again. i.e. us-east-1
- CLI default output format [None]: Enter json
- CLI profile name [AdministratorAccess-account#]: Enter the profile name for prod. i.e. awslaunchgoat-prod
Congrats! Your AWS SSO profile is now configured. You can verify it by listing your configured profiles:
aws configure list-profiles
You should see awslaunchgoat-prod (or the name you provided) in the list. You can now use your SSO profile to run AWS CLI commands!
2. Configure SSO for Staging.
Repeat the above steps to create a new profile and sso-session for staging. i.e. awslaunchgoat-staging
Make sure to choose Staging in the prompt, not Production! (Refer to #8)
⚠️ FYI..
When you are done configuring SSO for both Production and Staging, a new config file will be created in the hidden .aws folder.
When you open this file, you will find that profiles and sso-sessions for prod & staging are created.
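As an added example (not part of the original guide), this Python check reads a config file of the kind described above and flags the mistake warned about in step 2: a staging profile that was pointed at the Production account. The sample file contents and the 12-digit account IDs are constructed placeholders, and `check_sso_profiles` is a hypothetical helper name.

```python
import configparser

# Constructed sample of ~/.aws/config after both `aws configure sso` runs.
# Account IDs are placeholders; staging was wrongly pointed at Production.
SAMPLE_CONFIG = """\
[profile awslaunchgoat-prod]
sso_session = awslaunchgoat-prod
sso_account_id = 111111111111
sso_role_name = AdministratorAccess

[profile awslaunchgoat-staging]
sso_session = awslaunchgoat-staging
sso_account_id = 111111111111
sso_role_name = AdministratorAccess

[sso-session awslaunchgoat-prod]
sso_start_url = https://d-XXXXXXXXXX.awsapps.com/start
sso_region = us-east-1

[sso-session awslaunchgoat-staging]
sso_start_url = https://d-XXXXXXXXXX.awsapps.com/start
sso_region = us-east-1
"""

def check_sso_profiles(config_text, profile_names):
    """Return a list of problems found for the given SSO profiles."""
    cfg = configparser.ConfigParser()
    cfg.read_string(config_text)
    problems, seen_accounts = [], {}
    for name in profile_names:
        section = f"profile {name}"
        if not cfg.has_section(section):
            problems.append(f"{name}: profile missing")
            continue
        session = cfg.get(section, "sso_session", fallback=None)
        if not session or not cfg.has_section(f"sso-session {session}"):
            problems.append(f"{name}: no matching sso-session block")
        account = cfg.get(section, "sso_account_id", fallback=None)
        if account is None:
            problems.append(f"{name}: sso_account_id not set")
        elif account in seen_accounts:
            problems.append(f"{name}: same account as {seen_accounts[account]}")
        else:
            seen_accounts[account] = name
    return problems

if __name__ == "__main__":
    for p in check_sso_profiles(SAMPLE_CONFIG, ["awslaunchgoat-prod", "awslaunchgoat-staging"]):
        print("PROBLEM:", p)
```

To check your own setup, pass the text of the config file in your .aws folder instead of `SAMPLE_CONFIG`.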
- By configuring AWS SSO with the AWS CLI, you enhance the security of your AWS operations and simplify credential management across multiple AWS accounts and environments. 🎉