AWS CLI Login

pratik agarwal
Mar 7, 2023

To access your AWS account, there are several ways to connect. These include:

  • Logging in to the AWS Management Console with your AWS account email and password.
  • Using the AWS CLI or SDKs to programmatically access your account resources. This requires setting up appropriate access credentials, including an access key ID and secret access key, and configuring the CLI or SDKs accordingly.

We will use Azure Active Directory to provide SSO (Single Sign-On) login to the AWS console; this is also an easy way to log in on the command line or to use the AWS CLI. SSO is a mechanism that allows users to authenticate once and access multiple applications or systems without having to provide their login credentials multiple times. The setup described here lets you use the normal Azure AD login from a command line to create a federated AWS session, and it places the temporary credentials in the proper place for the AWS CLI and SDKs.

Installation

1. Install the latest Node.js (https://nodejs.org/en/download/). After installation, add its install path to the “Path” environment variable, which you can edit from the Control Panel. Then check the versions with:

node -v
npm -v

2. Install Python and add its path to the “Path” environment variable.

3. Install the AWS CLI using: pip install awscli

Check the version using:

aws --version

4. Configure your profile:

aws configure --profile YOUR_PROFILE_NAME
> AWS Access Key ID [None]: (NO INPUT - just press enter)
> AWS Secret Access Key [None]: (NO INPUT - just press enter)
> Default region name [None]: (Write your region e.g eu-west-1)
> Default output format [None]: json

This will initialize a config file in: C:\Users\<yourUserName>\.aws

5. Check git version.

6. Install the login wrapper package:

npm install -g aws-azure-login

Check that you can run it:

aws-azure-login --help

If this shows you the usage page, it is properly installed.

Configuring aws-azure-login

We need to configure aws-azure-login in order to get the temporary access keys and credentials.

To start with aws-azure-login, we need to extract the Azure App ID URI.

a. Go to office.com

b. Search for AWS, then right-click on the AWS account and copy the link address.

c. Paste it into Notepad and copy the code between the last slash (/) and ?tenantId=

d. To configure the Azure login client and define a profile name, run the following command:

aws-azure-login --configure --profile YOUR_PROFILE_NAME

For each input, answer as follows:

> Azure Tenant ID: (you should have it)
> Azure App ID URI: (your Azure App ID URI that you copied in previous step)
> Default Username: (Your email ID)
> Default Role ARN (if multiple): arn:aws:iam::<Account ID>:role/<RoleName OR FederatedUser before your email id>
> Default Session Duration Hours (up to 12): 8

Logging In

Once aws-azure-login is configured, you can log in:

aws-azure-login --profile YOUR_PROFILE_NAME --no-prompt

To verify the login, run the following command:

aws sts get-caller-identity --profile YOUR_PROFILE_NAME

If this command works without any errors then everything is set up correctly.
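
As a further check after logging in, the following added example (not part of the original post or of the aws-azure-login project) classifies each profile in the shared credentials file as temporary or long-lived, so that leftover static keys stand out. It assumes the default file location ~/.aws/credentials and relies on the AWS key ID prefixes ASIA (temporary STS credentials) and AKIA (long-term access keys); the function names and the sample contents are constructed for illustration.

```python
import configparser
from pathlib import Path

# Constructed sample of a shared credentials file; every value is fake.
SAMPLE = """\
[YOUR_PROFILE_NAME]
aws_access_key_id = ASIAEXAMPLEEXAMPLE01
aws_secret_access_key = constructedSecretValue
aws_session_token = constructedSessionToken

[old-static-user]
aws_access_key_id = AKIAEXAMPLEEXAMPLE02
aws_secret_access_key = constructedSecretValue

[unused]
"""


def classify_profiles(text):
    """Map each profile name to 'temporary', 'long-lived', 'empty' or 'unknown'."""
    # interpolation=None: tokens may contain '%', which configparser would otherwise expand.
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(text)
    result = {}
    for name in parser.sections():
        key_id = parser.get(name, "aws_access_key_id", fallback="").strip()
        token = parser.get(name, "aws_session_token", fallback="").strip()
        if not key_id:
            result[name] = "empty"        # e.g. keys left blank in `aws configure`
        elif key_id.startswith("ASIA") and token:
            result[name] = "temporary"    # STS session credentials
        elif key_id.startswith("AKIA"):
            result[name] = "long-lived"   # static IAM user key: rotate or remove
        else:
            result[name] = "unknown"      # e.g. ASIA key with no session token
    return result


def audit(path=Path.home() / ".aws" / "credentials"):
    """Classify the credentials file at `path`; returns {} if it does not exist."""
    path = Path(path)
    return classify_profiles(path.read_text()) if path.exists() else {}


if __name__ == "__main__":
    # Only profile names and classifications are printed, never key material.
    for profile, kind in classify_profiles(SAMPLE).items():
        print(f"{profile}: {kind}")
```

Calling audit() with no arguments runs the same classification against your own credentials file.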

If you don’t want to specify the profile every time, you can set an environment variable:

Linux:
export AWS_PROFILE="YOUR_PROFILE_NAME"
Windows CMD:
SET AWS_PROFILE=YOUR_PROFILE_NAME

Feel free to suggest, if you think I should add something.
