
Exploring AWS CLI v2 with AWS Single Sign-On

Submitted by Style Pass, 2021-06-22 21:00:09

Back on the 10th of December 2017, AWS introduced AWS Single Sign-On, a service that makes it easy to centrally manage SSO access to multiple AWS accounts and business applications.

Three years later, the service has grown a lot, and with the increasing use of services like AWS Control Tower and AWS Organizations in general, AWS Single Sign-On has become one of the best methods proposed by AWS to manage access in a multi-account cloud environment.

At first, however, users had to log in to the AWS SSO portal, copy the named profile credentials, and paste them into their local ~/.aws/** files. That was a big waste of time and productivity for developers.

That’s been a huge leap for developers, because the release included automatic short-term credential rotation, which lets developers take full advantage of CLI profiles to switch between roles and improves their security posture. So, let’s see the good, the bad, and the ugly of this proposal.

By doing so, developers can change their account by switching the in-use AWS named profile. The automatic short-term credential management enables developers to switch between accounts and roles seamlessly without refreshing credentials.
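To see which local profiles still rely on credentials pasted into the `~/.aws` files and which are SSO-backed named profiles, the following added example (not from the original article) classifies profiles from the contents of a `credentials` and a `config` file. The profile names, start URL, account IDs and key values are constructed placeholders.

```python
import configparser
# Constructed sample file contents; every value is a placeholder.
SAMPLE_CREDENTIALS = """\
[default]
aws_access_key_id = AKIAEXAMPLEEXAMPLE00
aws_secret_access_key = constructed-placeholder-secret

[pasted-from-portal]
aws_access_key_id = ASIAEXAMPLEEXAMPLE00
aws_secret_access_key = constructed-placeholder-secret
aws_session_token = constructed-placeholder-token
"""
SAMPLE_CONFIG = """\
[profile dev-admin]
sso_start_url = https://example.awsapps.com/start
sso_region = eu-west-1
sso_account_id = 111111111111
sso_role_name = AdministratorAccess

[profile prod-readonly]
sso_start_url = https://example.awsapps.com/start
sso_region = eu-west-1
sso_account_id = 222222222222
sso_role_name = ReadOnlyAccess
"""

def _parse(text):
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(text)
    return parser

def classify_profiles(credentials_text, config_text):
    """Map profile name -> 'static-key', 'pasted-session' or 'sso'."""
    result = {}
    creds = _parse(credentials_text)
    for name in creds.sections():
        if creds.has_option(name, "aws_access_key_id"):
            temporary = creds.has_option(name, "aws_session_token")
            result[name] = "pasted-session" if temporary else "static-key"
    config = _parse(config_text)
    for section in config.sections():
        name = section[len("profile "):] if section.startswith("profile ") else section
        # Keys on disk stay flagged even if the profile also has SSO settings.
        if config.has_option(section, "sso_start_url"):
            result.setdefault(name, "sso")
    return result

if __name__ == "__main__":
    print(classify_profiles(SAMPLE_CREDENTIALS, SAMPLE_CONFIG))
```

Profiles reported as `static-key` or `pasted-session` hold key material on disk and are candidates for migration to an SSO profile.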
