AWS SSO with aws-cli-mfa-oh-my-zsh

[r-colvin]

AWS recommends SSO and in many places I work, we have migrated from access keys to SSO. For the most part you can use aws sso login <profile> and it works pretty well (the sign-in / MFA / permission approval process can be slow and painful, but other than that it gets the job done!)

However there is an issue where some services, like Amplify, don't work with SSO. There is an open bug report on the Amplify CLI here: aws-amplify/amplify-cli#4488 - I have made a detailed post about things that (as yet) have not worked for me. My solution is to SSO, then get the STC and copy+paste them into a profile in ~/.aws/credentials as required. This works, but is painful (esp. for situations where STC is only valid for an hour)

in the bug report I speculate that aws-cli-mfa-oh-my-zsh might be a solution as it will inject the credentials, however I have yet to try it. I have a few things in my backlog and will try it when I can, however opening this issue in case anyone knows this will work already and save me the effort!

[joepjoosten]

I'm currently using aws-vault for this. https://github.com/99designs/aws-vault

This is a good solutions that wasn't around when i developed this plugin for zsh.