Cloud Gardener

How To Use AWS Developer Tools With AWS SSO?

September 12, 2020


What I cannot create, I do not understand. ― Richard P. Feynman

As multi-account AWS architectures have become more common, there has also been a need to implement centralized user and access management. The AWS solution to this problem is AWS SSO, which is indeed a neat solution, but …

Many popular developer tools, including AWS’ own CDK (Cloud Development Kit) and Amplify, do not support it yet, as we can find from the GitHub issues:

As usual, the best answer to these problems can be found on Twitter, and this time was no exception. I complained about the issue, and very soon, I had the best solution so far in my hands!

Ben Kehoe has written two nice helper tools to work around the problem:

And Jared Short came up with a little helper function, which will nicely tie the whole process together.

So, what do I need to do?

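  1. Install the two tools: aws-sso-credential-process and aws-export-credentials.
  2. Place the following in your .bashrc, .zshrc or similar. Don’t forget to replace the start URL and region values.

```bash
export AWS_CONFIGURE_SSO_DEFAULT_SSO_START_URL=https://<your-sso>.awsapps.com/start
export AWS_CONFIGURE_SSO_DEFAULT_SSO_REGION=<your-default-region>

# Usage: sso <profile-name>
sso(){
  # Drop credentials exported by an earlier run; environment credentials
  # take precedence over AWS_PROFILE and would mask the new profile.
  unset AWS_PROFILE AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN
  export AWS_PROFILE="$1"
  # Reuse a valid session, else log in, else create the profile.
  aws sts get-caller-identity &> /dev/null \
  || aws sso login \
  || (unset AWS_PROFILE && aws-configure-sso-profile --profile "$1")
  # Export the profile's temporary credentials as AWS_* environment variables.
  eval "$(aws-export-credentials --env-export)"
}
```

  3. Source your profile, run sso, and off you go! The helper tools will configure your shell with credentials that most of the tools can understand, even if they don’t support AWS SSO yet.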
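The last line of the helper passes whatever `aws-export-credentials --env-export` prints to `eval`. As an added example (not part of the original post or of the tools themselves), the loader below sets the same variables without `eval`, accepting only an allowlist of names and rejecting values with shell metacharacters. The function names are hypothetical, and the input format (one unquoted `export NAME=value` per line) is an assumption.

```bash
# Added example: load `export NAME=value` lines without eval.
# Assumed input format: one unquoted `export NAME=value` per line.

# Walk the lines in $2; mode $1 is "check" (validate only) or "apply" (export).
_sso_each_line() {
  while IFS= read -r _l; do
    case "$_l" in
      "") continue ;;
      "export "*=*) ;;
      *) echo "rejected: not an export line" >&2; return 1 ;;
    esac
    _kv=${_l#export }
    _n=${_kv%%=*}
    _v=${_kv#*=}
    # Allowlist of variable names this loader may set; extend it if your
    # version of the tool prints further AWS_* variables.
    case "$_n" in
      AWS_ACCESS_KEY_ID|AWS_SECRET_ACCESS_KEY|AWS_SESSION_TOKEN) ;;
      *) echo "rejected: unexpected variable '$_n'" >&2; return 1 ;;
    esac
    # Values must be non-empty and free of shell metacharacters.
    case "$_v" in
      ""|*[!A-Za-z0-9+/=_-]*)
        echo "rejected: unexpected characters in $_n" >&2; return 1 ;;
    esac
    if [ "$1" = apply ]; then export "$_n=$_v"; fi
  done <<EOF
$2
EOF
}

# Validate every line first, then replace the old credentials in one step,
# so a rejected input never leaves a half-updated environment behind.
sso_load_exports() {
  _sso_each_line check "$1" || return 1
  unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN
  _sso_each_line apply "$1"
}
```

To use it, replace the `eval` line in the helper with `sso_load_exports "$(aws-export-credentials --env-export)"`.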

Niko Virtala is a modern technology enthusiast, and Cloud Gardener at VR Group. He is also the father of two magnificent girls, husband, indie music lover, guitarist, and photographer. He loves simplicity and values a great developer experience. Follow him on Twitter