Configure AWS Credentials
This guide explains how to set up and use AWS IAM Identity Center (formerly AWS SSO) for accessing AWS services via the command line. It's recommended to use IAM Identity Center credentials (SSO-based login) rather than static access keys. SSO provides a more secure, manageable, and centralized way to control access without needing long-term credentials.
Configure AWS CLI for SSO
- Open your terminal and run the command:
- Provide the following details when prompted:
- Session name:
ehs-embark - Start URL: https://ehc-embark.awsapps.com/start/#
- Region:
us-west-2 -
Scope:
sso:account:access -
You will be asked to open a browser and go to: https://device.sso.us-west-2.amazonaws.com/
-
Enter the code shown in your terminal.
-
Allow access when prompted.
This step connects your local CLI session with your AWS Identity Center account, enabling secure temporary credentials to access AWS resources.
Set AWS CLI Profile
- Choose the output region for your workloads (e.g.,
eu-west-3for Paris). - Optionally choose an output format:
json,table, ortext— or leave it blank for the default.- Set a recognizable profile name, for example:
embark-aws.
This named profile allows you to reuse the configuration easily in scripts and tools without re-entering credentials.
Re-authenticate if Session Expires
If your session expires (which happens periodically for security), you can re-authenticate using:
This command refreshes your session quickly without reconfiguring anything.
Set Profile for CLI Tools
To ensure eksctl, kubectl, and other AWS CLI commands run with the correct credentials, set the profile environment variable:
For convenience, you can add this line to your
.shellrc,.zshrc, or equivalent shell profile file to apply it automatically in future sessions.
Validate AWS Identity
To verify that your credentials are active and correct, run:
This command outputs your AWS Account ID, User ARN, and Identity Type, confirming a successful connection.