Going back to the 10 of December 2017, AWS introduced AWS Single Sign-On, a service that makes it easy for you to centrally manage SSO access to multiple AWS accounts and business applications.

Three years later, the Service has grown a lot, and with the increment of usage of services like AWS Control Tower and the AWS Organization in general, AWS Single Sign-on has been one of the best methods proposed by AWS to manage access in a Multi-Account Cloud environment.

But, in the first instance, users were supposed to log into the AWS SSO portal, copy the named profile credentials and paste them into their local

~/.aws/**files. That was a big waste of time and productivity for developers.

Later on, in 2019, AWS introduced the CLI V2, in beta preview, with the native support of AWS SSO.

That’s been a huge leap for developers because the release included automatic short-term credential rotation enabling developers to take full advantage of CLI profiles to switch between roles, which increases their security posture. So, let’s see the good, the bad, and the ugly of this proposal.

#aws #aws-cli #aws sso