aws-sso

Log in to AWS SSO

$ aws sso login --profile [profile-name]

$ aws sso logout

$ aws sso list-accounts --access-token [token]

$ aws sso list-account-roles --account-id [account-id] --access-token [token]

$ aws sso get-role-credentials --account-id [account-id] --role-name [role-name] --access-token [token]

aws sso subcommand [options]

aws sso is the AWS CLI interface for AWS IAM Identity Center (formerly AWS Single Sign-On), enabling federated access to AWS accounts and applications through a centralized identity source.
The SSO commands allow users to authenticate once and access multiple AWS accounts and applications without managing separate credentials for each account.

login

Initiate SSO login through the browser to obtain an access token

Terminate the current SSO session and invalidate cached credentials

List AWS accounts available to the authenticated user

List IAM roles available in a specific AWS account

Retrieve temporary AWS credentials for assuming a role

SSO login requires browser access for the authorization flow. The access token is cached locally and has a limited lifetime (typically 8-12 hours). You must configure an SSO profile in your AWS config file before using aws sso login. The API namespace retains the name "sso" for backward compatibility even though the service was renamed to IAM Identity Center.

AWS Single Sign-On launched in December 2017 to simplify access management across AWS accounts. It was renamed to AWS IAM Identity Center in July 2022 to better reflect its integration with IAM and its expanded capabilities.

aws(1), aws-sts(1), aws-iam(1)