Please stop using this tool and start using aws-vault instead. It has support for SSO via PR-594. aws-vault has a community and is leading from the front in terms of keeping your credentials secure. We should all go support them.
Right now, most AWS SDKs don't support the new SSO credential provider that the AWS CLI v2 supports. While the SDKs are catching up to support SSO credentials in their default credential providers, we can use this tool as a credential process to fetch credentials because most SDKs already support the credential_process directive.
Inside your ~/.aws/config you'll set something like this up:
[profile acme_dev]
sso_start_url = https://acme.awsapps.com/start/
sso_region = us-east-2
sso_account_id = 0123456789
sso_role_name = AWSAdministratorAccess
region = us-east-2
output = json
credential_process = /Users/alice/bin/aws-sso-fetcher acme_dev
Once you get SSO credentials with:
aws sso login --profile=acme_dev
You can then start using all kinds of software with the profile:
export AWS_PROFILE=acme_dev
aws ec2 describe-vpcs
But of course you didn't download this tool to use it with the AWS CLI, you downloaded it so that you could launch other applications using AWS_PROFILE without wrapper scripts.
It's also been reported that you might need to set:
export AWS_SDK_LOAD_CONFIG=1
to get Golang applications (e.g. terraform) to correctly use the config file.