Setting AWS CLI With SSO
Creating SSO User
AWS provides IAM Identity Center for creating SSO users. The steps to create an SSO user are as follows.
- Enable IAM Identity Center if it is not already enabled in the region.
Only one IAM Identity Center is allowed in any region.
- Create User by following the steps.
- Create a group and add the user into the group.
It is always advisable to attach permissions to groups instead of individual users.
- Create a permission set. For now, keep PowerUserAccess for all access except user management.
- Add a group/user to an account in Multi-account permissions > AWS Accounts.
  - Click button Assign users or groups.
  - Add user/group
  - Attach Permission set just created.
  - Click button
Installing AWS CLI
This section describes installing the AWS CLI from the command line for the current user.
You can either use your user folder or create a new folder for the installation. The steps below assume a new folder named aws-installer.
- Set up a choices.xml file, which tells the installer where to install the AWS CLI files.
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<array>
<dict>
<key>choiceAttribute</key>
<string>customLocation</string>
<key>attributeSetting</key>
<string>/Users/username/aws-installer</string>
<key>choiceIdentifier</key>
<string>default</string>
</dict>
</array>
</plist>
- Download the .pkg file.
curl "https://awscli.amazonaws.com/AWSCLIV2.pkg" -o "AWSCLIV2.pkg"
- Install the downloaded .pkg.
installer -pkg AWSCLIV2.pkg \
-target CurrentUserHomeDirectory \
-applyChoiceChangesXML choices.xml
- Link the binaries. By default, the installation doesn't modify PATH to include the aws binary location, so we have to do it manually.
sudo ln -s /Users/username/aws-installer/aws-cli/aws /usr/local/bin/aws
sudo ln -s /Users/username/aws-installer/aws-cli/aws_completer /usr/local/bin/aws_completer
- Verify the installation.
~/aws-installer
⟩ aws --version
aws-cli/2.15.20 Python/3.11.6 Darwin/23.3.0 exe/x86_64 prompt/off
AWS CLI SSO Setup
This setup creates a profile that will be used to access AWS resources.
- Run the command aws configure sso.
- It asks for a few details, such as name, region name, and start url, which can be fetched from IAM Identity Center.
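
A check to run once the profile exists, as an added example that is not part of the original post: the function reads an AWS CLI config or credentials file and reports which profiles sign in through IAM Identity Center and which still store a long-lived access key. The function names and the sample file (profile names, account ID, start URL, key) are constructed placeholders; sso_session, sso_start_url, sso_account_id, sso_role_name and aws_access_key_id are the key names the AWS CLI reads.

```shell
# Added example. Audits an AWS CLI config or credentials file (path in $1,
# or stdin when omitted). Prints SSO, INCOMPLETE (SSO profile missing
# sso_account_id or sso_role_name) or STATIC (stored access key) per profile.
audit_aws_config() {
  awk '
    function report() {
      if (name == "") return
      if (has_key) print "STATIC " name
      if (is_sso && acct && role) print "SSO " name
      if (is_sso && !(acct && role)) print "INCOMPLETE " name
    }
    /^[ \t]*\[/ {
      report()
      has_key = is_sso = acct = role = 0
      name = $0
      sub(/^[ \t]*\[[ \t]*/, "", name); sub(/[ \t]*\].*$/, "", name)
      sub(/^profile[ \t]+/, "", name)           # config uses [profile NAME]
      if (name ~ /^sso-session[ \t]/) name = ""  # shared session, not a profile
      next
    }
    name != "" {
      key = $0
      sub(/[ \t]*=.*$/, "", key); sub(/^[ \t]+/, "", key)
      if (key == "aws_access_key_id") has_key = 1
      if (key == "sso_session" || key == "sso_start_url") is_sso = 1
      if (key == "sso_account_id") acct = 1
      if (key == "sso_role_name") role = 1
    }
    END { report() }
  ' "${1:--}"
}
# Constructed sample: every name, ID, URL and key below is a placeholder.
sample_config() {
  cat <<'EOF'
[profile dev-sso]
sso_session = my-sso
sso_account_id = 111111111111
sso_role_name = PowerUserAccess
region = us-east-1
[sso-session my-sso]
sso_start_url = https://example.awsapps.com/start
sso_region = us-east-1
[profile old-keys]
aws_access_key_id = AKIAXXXXXXXXXXXXXXXX
[profile half-done]
sso_session = my-sso
EOF
}
sample_config | audit_aws_config
```

Point it at ~/.aws/config and ~/.aws/credentials in turn; a STATIC line marks a stored long-lived key worth reviewing now that an SSO profile exists.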