Skip to main content

Command Line tool for AWS SSO Credentials

Project description


GitHub Actions status PyPi Version

This package provides a command line interface to get AWS credentials with AWS SSO.

The aws-cli package works on Python versions:

  • 3.7.x and greater


This package relies on Selenium and Google Chrome to work. Therefore, you need Google Chrome and ChromeDriver to be installed.

This is being developped and tested on macOS, if you encounter problems on other platforms, please open an issue.



brew cask install chromedriver




pip install awssso

Getting Started


For each command you can get help with --help flag.

usage: awssso configure [-h] [-p PROFILE] [-a AWS_PROFILE] [-f] [--url URL]
                        [--username USERNAME]

optional arguments:
  -h, --help            show this help message and exit
  -p PROFILE, --profile PROFILE
                        AWS SSO Profile (default: default)
  -a AWS_PROFILE, --aws-profile AWS_PROFILE
                        AWS CLI Profile (default: AWS_PROFILE, fallback: same
                        as --profile)
  -f, --force-refresh   force token refresh
  --url URL
  --username USERNAME

Configure a profile

$ awssso configure
[?] URL:
[?] AWS CLI profile: my-awssso-profile
[?] Username:
[?] Password: **************
[?] MFA Code: 042042
[?] AWS Account: 000000000000 (Master)
   111111111111 (Log archive)
   222222222222 (Audit)
 > 000000000000 (Master)

[?] AWS Profile: AWSAdministratorAccess
 > AWSAdministratorAccess

This will create a configuration file in ~/.awssso/config.

Get credentials

$ awssso login

This will get the credentials for the profile as defined in the configuration file and use aws-cli to set those credentials to the correct AWS Profile.

$ awssso login -e

This will echo export commands to stdout ; can be used like this $(awssso login -e)

$ awssso login -c

This will generate a Sign In URL to the AWS Console ; URL will open in a new tab if used with --browser.

Base concepts

aws-sso has its own configuration file (~/.awssso/config).
Each section in this file corresponds to an AWS SSO profile. Those profiles are different from AWS profiles.

When using the login command, it'll set credentials for the configured AWS Profile by invoking aws configure.

Inside ~/.awssso/ are also stored cookie files for each pair of username / url. This allows not prompting for MFA code at each login.

Secrets are stored using keyring so for example on macOS they are stored in Keychain.
For each username / url aws-sso stores three secrets:

  • password
  • authn-token
  • authn-expiry-date

aws-sso doesn't make new login attempts until authn-token is expired.


The release notes for AWS SSO can be found here.

Project details

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Files for awssso, version 1.0.0
Filename, size File type Python version Upload date Hashes
Filename, size awssso-1.0.0.tar.gz (24.6 kB) File type Source Python version None Upload date Hashes View
Filename, size awssso-1.0.0-py2.py3-none-any.whl (15.3 kB) File type Wheel Python version py2.py3 Upload date Hashes View

Supported by

AWS AWS Cloud computing Datadog Datadog Monitoring Facebook / Instagram Facebook / Instagram PSF Sponsor Fastly Fastly CDN Google Google Object Storage and Download Analytics Huawei Huawei PSF Sponsor Microsoft Microsoft PSF Sponsor NVIDIA NVIDIA PSF Sponsor Pingdom Pingdom Monitoring Salesforce Salesforce PSF Sponsor Sentry Sentry Error logging StatusPage StatusPage Status page