
How to make AWS CLI call from local machine using federated login

This article explains the steps required to make AWS CLI calls from a local machine using federated login. The steps described below are specific to the Windows operating system.

INSTALL REQUIRED SOFTWARE

Follow the below steps to install all required software. These steps have to be done only once on a given machine.

This NPM module updates frequently. You should run npm update -g aws-azure-login from time to time to make sure you have the latest version.

CONFIGURE AWS-AZURE-LOGIN

Follow the below steps to configure aws-azure-login. Please note that this configuration is done at the account level, so you repeat the steps for each account if you have multiple AWS accounts. You will need the IAM Role ARN, Azure Tenant ID and Azure App ID URI, which can be obtained from your AWS admin.

  • Run the below command in PowerShell and fill in the details.
    aws-azure-login --configure --profile profileName
  • You should see a config file created inside C:\Users\{USERID}\.aws. You can also navigate there from %SystemDrive%\Users\

GET YOUR ACCESS TOKEN

This step should be done every day, since access tokens are valid for only 8 hours by default and for a maximum of 12 hours.

  • Run the below command from PowerShell. The profile name changes based on the profile you need to log in with.
    aws-azure-login --mode gui --profile profileName
  • You should see a message like “Assuming role arn:aws:iam:”
  • This will also create a file named “credentials” inside C:\Users\{USERID}\.aws. You can also navigate there from %SystemDrive%\Users\
  • Now run aws configure and use the contents of the credentials file.
  • You need to tell AWS CLI the location of the credentials file, using the below command.
    setx AWS_SHARED_CREDENTIALS_FILE C:\Users\{USERID}\.aws\credentials

Alternatively, this variable can also be set from the Environment Variables GUI. Either way, the value is picked up only by PowerShell windows opened after the change.
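
Because the tokens expire after a few hours, it helps to check how much time each profile has left before running a long job. The PowerShell function below is an added example, not part of the original article or of aws-azure-login; it assumes the tool records an aws_expiration timestamp next to the session token in the credentials file, and the function name, status labels and sample profile contents are constructed for illustration.

```powershell
# Added example: report remaining lifetime per profile without printing any secret value.
function Get-AwsProfileExpiry {
    param(
        [Parameter(Mandatory)] [string[]] $Lines,      # lines of the credentials file
        [datetime] $Now = [datetime]::UtcNow           # override for repeatable checks
    )
    # Minimal INI parse: [section] headers and key = value pairs.
    $profiles = [ordered]@{}
    $current = $null
    foreach ($line in $Lines) {
        $t = $line.Trim()
        if ($t -match '^\[(.+)\]$') {
            $current = $Matches[1]
            $profiles[$current] = @{}
        } elseif ($current -and $t -match '^([^=#;\s]+)\s*=\s*(.*)$') {
            $profiles[$current][$Matches[1]] = $Matches[2]
        }
    }
    foreach ($name in $profiles.Keys) {
        $p = $profiles[$name]
        $status = 'NoExpiryRecorded'
        $left = $null
        if ($p.ContainsKey('aws_expiration')) {        # assumed key name, see lead-in
            $exp = [datetime]::Parse($p['aws_expiration'], [cultureinfo]::InvariantCulture,
                [System.Globalization.DateTimeStyles]::AdjustToUniversal)
            $left = [math]::Round(($exp - $Now).TotalMinutes)
            $status = if ($left -le 0) { 'Expired' } elseif ($left -lt 30) { 'ExpiringSoon' } else { 'Valid' }
        } elseif (-not $p.ContainsKey('aws_session_token')) {
            $status = 'LongLivedKey'                   # static key, not a federated session
        }
        [pscustomobject]@{ Profile = $name; Status = $status; MinutesLeft = $left }
    }
}

# Constructed sample input (placeholder values, not real credentials).
$sample = @'
[profileName]
aws_access_key_id = PLACEHOLDER_KEY_ID
aws_secret_access_key = PLACEHOLDER_SECRET
aws_session_token = PLACEHOLDER_TOKEN
aws_expiration = 2024-05-01T16:00:00.000Z
[legacy]
aws_access_key_id = PLACEHOLDER_KEY_ID
aws_secret_access_key = PLACEHOLDER_SECRET
'@ -split '\r?\n'
Get-AwsProfileExpiry -Lines $sample -Now ([datetime]'2024-05-01T09:00:00')

# Against the real file:
# Get-AwsProfileExpiry -Lines (Get-Content "$env:USERPROFILE\.aws\credentials")
```

A profile reported as LongLivedKey holds a static access key rather than a federated session, which is worth reviewing on a machine that is meant to use federated login only.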

ISSUE AWS CLI COMMANDS

At this point we are ready to use AWS CLI. Go ahead and issue your favorite AWS CLI commands; the syntax would be like aws s3 ls --profile profileName

CREDITS AND REFERENCES

Please see some of the key references listed below. All credits to the creators of aws-azure-login.