Cloud Gardener

How To Use AWS Developer Tools With AWS SSO?

September 12, 2020

the key

What I cannot create, I do not understand. ― Richard P. Feynman

As multi-account AWS architectures have become more common, there has also been a need to implement centralized user and access management. The AWS solution to this problem is AWS SSO, which is indeed a neat solution, but …

Many popular developer tools, including AWS’ own CDK (Cloud Development Kit) and Amplify, do not support it yet, as we can find from the GitHub issues:

As usual, the best answer to these problems can be found on Twitter, so also this time. I complained about the issue, and very soon, I had the best solution so far in my hands!

Ben Kehoe has written two nice helper tools to go around the problem:

And Jared Short came up with a little helper function, which will nicely tie the whole process together.

So, what do I need to do?

  1. Install the two tools; aws-sso-credential-process and aws-export-credentials
  2. Place following to your .bashrc, .zshrc or similar: – Don’t forget to replace the start URL and region values.
export AWS_CONFIGURE_SSO_DEFAULT_SSO_START_URL=https://<your-sso>.awsapps.com/start
export AWS_CONFIGURE_SSO_DEFAULT_SSO_REGION=<your-default-region>

sso(){
  unset AWS_PROFILE
  export AWS_PROFILE=$1
  aws sts get-caller-identity &> /dev/null \
  || aws sso login \
  || (unset AWS_PROFILE && aws-configure-sso-profile --profile)
  eval $(aws-export-credentials --env-export)
}
  1. Source your profile, run sso, and off you go! – The helper tools will configure your shell with credentials that most of the tools can understand, even they wouldn’t support AWS SSO yet.

Niko Virtala is a modern technology enthusiast, Cloud Gardener, and DevOps Consultant at Polar Squad. He is also the father of two magnificent girls, husband, indie music lover, guitarist, and photographer. He loves simplicity and values a great developer experience. Follow him at Twitter