How to make AWS CLI call from local machine using federated login

Saturday, September 21, 2019

This article explains the steps required to make AWS CLI calls from a local machine using federated login. The steps described below are specific to the Windows operating system.

Follow the steps below to install all required software. These steps have to be done only once on a given machine.
  • Download and install the latest version of Node.js for your operating system from “”. You can verify that the installation was successful from PowerShell using the command “npm --version”.
  • aws-azure-login is a tool that lets you generate AWS credentials (via the AWS Security Token Service (STS)) from the CLI using your Azure account. To install aws-azure-login, open PowerShell and issue the command “npm install -g aws-azure-login”.
Note: This NPM module is updated frequently. You should run “npm update -g aws-azure-login” from time to time to make sure you have the latest version.

Follow the steps below to configure aws-azure-login. Note that this configuration is done at the account level, so repeat the steps for each account if you have multiple AWS accounts. You will need the IAM Role ARN, Azure Tenant ID and Azure App ID URI, which can be obtained from your AWS admin.
  • Run the command below in PowerShell and fill in the details.
          aws-azure-login --configure --profile profileName
  • You should see a config file created inside “C:\Users\{USERID}\.aws”. You can also navigate there from “%SystemDrive%\Users\”.

This step should be done every day, since access tokens are valid for only 8 hours by default and for a maximum of 12 hours.
  • Run the command below from PowerShell; the profile name changes depending on the profile you need to log in to.
          aws-azure-login --mode gui --profile profileName
  • You should see a message like “Assuming role arn:aws:iam:”
  • This will also create a file named “credentials” inside “C:\Users\{USERID}\.aws”. You can also navigate there from “%SystemDrive%\Users\”.
  • Now issue "aws configure" and use the content from the credentials file.
  • You need to tell the AWS CLI the location of the credentials file, using the command below.
           setx AWS_SHARED_CREDENTIALS_FILE C:\Users\{USERID}\.aws\credentials

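Note: Alternatively, this variable can also be set from the Environment Variables GUI. A value set with setx is picked up by newly opened PowerShell windows, not by the window in which setx was run.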

At this point we are ready to use the AWS CLI. Go ahead and issue your favorite AWS CLI commands; the syntax looks like this:

aws s3 ls --profile profileName
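
The daily login step above can be checked before running CLI commands. The following PowerShell is an added example, not part of the original article or of aws-azure-login, and it reports only the state of the profile without printing key or token values. Assumptions: the function name Get-AwsProfileStatus is hypothetical, profileName is the article's placeholder, and aws-azure-login is assumed to record the expiry under an aws_expiration key in the credentials file.

```powershell
# Added example (not from the original article). Get-AwsProfileStatus is a
# hypothetical helper; 'profileName' is the article's placeholder profile.
function Get-AwsProfileStatus {
    param(
        [Parameter(Mandatory)][string]$ProfileName,
        [string]$Path = $env:AWS_SHARED_CREDENTIALS_FILE
    )
    # Fall back to the default location when the environment variable is not set.
    if (-not $Path) { $Path = Join-Path $env:USERPROFILE '.aws\credentials' }

    $result = [pscustomobject]@{ Profile = $ProfileName; State = 'NoCredentialsFile'; Expires = $null }
    if (-not (Test-Path -LiteralPath $Path)) { return $result }

    # Read only the requested [section] of the INI-style file into a hashtable.
    $section = $null
    $values  = @{}
    foreach ($line in Get-Content -LiteralPath $Path) {
        if ($line -match '^\s*\[(.+?)\]\s*$') { $section = $Matches[1]; continue }
        if ($section -eq $ProfileName -and $line -match '^\s*([^=\s]+)\s*=\s*(.*?)\s*$') {
            $values[$Matches[1]] = $Matches[2]
        }
    }

    # Federated logins yield temporary credentials, so a session token must be present.
    if (-not $values.ContainsKey('aws_session_token')) { $result.State = 'NoSessionToken'; return $result }

    # Assumption: aws-azure-login stores the expiry as an ISO 8601 timestamp in aws_expiration.
    if ($values.ContainsKey('aws_expiration')) {
        $result.Expires = [datetimeoffset]::Parse($values['aws_expiration'], [cultureinfo]::InvariantCulture)
    }
    $expired = ($null -ne $result.Expires) -and ($result.Expires -le [datetimeoffset]::UtcNow)
    $result.State = if ($expired) { 'Expired' } else { 'Present' }
    return $result
}

$status = Get-AwsProfileStatus -ProfileName 'profileName'
$status | Format-List

# Log in again only when the stored credentials are missing or past their expiry.
if ($status.State -ne 'Present') {
    aws-azure-login --mode gui --profile profileName
}

# Confirm which account and role the CLI is actually using for this profile.
aws sts get-caller-identity --profile profileName
```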

