Login Instructions
- Sign into https://portal.office.com.
- Click on the App Launcher Waffle icon on the top left.
- Click on All apps.
- Scroll to the bottom of the list and click on AWS SSO.
- Click on AWS Account to expand the accounts you are allowed to access.
- Click on the account you wish to access to expand the connection options. Choose either Management Console or Command line or programmatic access.
- An alternative faster method to access your AWS account list is to use this URL https://d-9a67206884.awsapps.com/start#/.
- A third, quicker option for accessing My Apps is to follow the instructions at the link below to download the Azure My Apps extension. It can be installed on Edge, Safari, and Chrome. The extension is called My Apps Secure Sign-in Extension. https://support.microsoft.com/en-us/account-billing/sign-in-and-start-apps-from-the-my-apps-portal-2f3b1bae-0e5a-4a86-a33e-876fbd2a4510
Configuring the AWS CLI profile
- install AWS CLI version 2 or greater
- run "aws configure sso"
- SSO session name (Recommended): [Name the profile]
- start URL: https://d-9a67206884.awsapps.com/start#/
- region: us-east-2 (Ohio)
- Note: East is where SSO is set up, not where you should be putting resources.
- SSO registration scopes [sso:account:access]: Default, hit enter.
- it will open a browser window for authentication
- if successful, a prompt should show up in the shell window asking which account and role to assume
- Back on the cmd, it will show a list of AWS Accounts you have access to. Choose the account.
- CLI default client Region [None]: us-west-2 (This is the closest region to Mines.)
- CLI default output format [None]: [defaults to json]
- CLI profile name [AdministratorAccess-242796985320]: Hit enter for default.
- this will modify the default AWS config file at ~user\.aws\config
- edit this to modify the profile name or add additional profiles
- for future sessions, start with
aws sso login --profile [profile name]
- Note that every command must also reference the profile name or set the AWS_PROFILE variable appropriately
- PS: $env:AWS_PROFILE = "profilename"
- bash: export AWS_PROFILE=user2
- When you inevitably forget what you named the profiles:
- aws configure list-profiles
- Type the following command replacing the profile_name with your desired profile name. You will be prompted for the following fields.
aws configure --profile profile_name
- Access Key ID
- Secret Access Key
- Default region name (us-west-2 recommended). See https://awsregion.info/ for a list of regions.
- Default output format (json recommended). See https://docs.aws.amazon.com/cli/latest/userguide/cli-usage-output-format.html for output formats.
- List the profiles you have configured.
aws configure list-profiles
- Profiles are stored in plain text under C:\Users\username\.aws\config. Access keys and secrets are also stored as plain text under C:\Users\username\.aws\credentials.
- Verify you are using the correct credentials by running a simple list-users command.
aws iam list-users --profile "profile_name"
- Confirm the account number matches the account you want to make changes to.
- (Optional) set the default profile environment variable for Windows. This will switch your default AWS profile to the one you specify.
setx AWS_DEFAULT_PROFILE profile_name
- Close PowerShell. This is required as the open PowerShell window retains the old environment variable until it is closed and reopened.
Note: AWS SSO has a current session duration of 8 hours which will require you to sign back into the console or CLI when this time is reached.
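
Because access keys sit in plain text in the credentials file while SSO profiles only hold short-lived sessions, it helps to know which of your profiles are which. The following is an added example, not part of the original instructions: a small Python check that reads the two files described above and classifies each profile. The file contents are constructed samples, the session name "my-sso" is an assumption, and the key values are placeholders.

```python
import configparser

# Constructed sample of the config file after "aws configure sso" and
# "aws configure --profile profile_name"; session name "my-sso" is assumed.
SAMPLE_CONFIG = """
[sso-session my-sso]
sso_start_url = https://d-9a67206884.awsapps.com/start#/
sso_region = us-east-2

[profile AdministratorAccess-242796985320]
sso_session = my-sso
sso_account_id = 242796985320
sso_role_name = AdministratorAccess
region = us-west-2

[profile profile_name]
region = us-west-2
"""

# Constructed sample of the credentials file; the values are placeholders.
SAMPLE_CREDENTIALS = """
[profile_name]
aws_access_key_id = AKIAIOSFODNN7EXAMPLE
aws_secret_access_key = PLACEHOLDER-NOT-A-REAL-SECRET
"""

def _parse(text):
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(text)
    return parser

def classify_profiles(config_text, credentials_text):
    """Map each profile name to 'sso', 'static-key' or 'other'."""
    result = {}
    config = _parse(config_text)
    for section in config.sections():
        if section != "default" and not section.startswith("profile "):
            continue  # skips [sso-session ...] and other non-profile sections
        name = section.removeprefix("profile ").strip()
        keys = config[section]
        if "sso_session" in keys or "sso_start_url" in keys:
            result[name] = "sso"  # short-lived session from "aws sso login"
        else:
            result[name] = "static-key" if "aws_access_key_id" in keys else "other"
    creds = _parse(credentials_text)
    for section in creds.sections():
        if "aws_access_key_id" in creds[section]:
            result[section] = "static-key"  # long-lived secret in plain text
    return result
```

To run it against your own files, pass the text of C:\Users\username\.aws\config and C:\Users\username\.aws\credentials to classify_profiles; any profile reported as static-key is a candidate for moving to SSO.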