Are you struggling with the complexities of configuring AWS SSO profiles for your projects involving data storage in S3 or similar services? In this blog post, we'll guide you through the seamless and effortless process of setting up AWS SSO profiles within AWS Config to get you up and running quickly.

Understanding AWS Profiles

AWS profiles are configurations that define how your AWS CLI commands interact with AWS services. They centralise authentication credentials, region settings, and other parameters to streamline access to AWS resources. By creating different profiles for different purposes or roles, you can provide granular access control and maintain organisational segregation of duties. Understanding AWS profiles enables seamless integration of AWS CLI commands into your workflow, promoting agile development, efficient resource management, and robust security practices.

Prerequisites

• AWS Account: You must have an active AWS account with appropriate permissions to configure AWS services and manage IAM roles.
• AWS CLI: Install the AWS Command Line Interface (CLI) tool on your local machine. AWS CLI allows you to interact with AWS services from the command line, simplifying configuration and management tasks. Install the AWS CLI using brew: brew install awscli.
• AWS IAM privileges: Ensure that your IAM user or role has the necessary permissions to create and manage AWS Config rules and AWS SSO configurations. This includes permissions to access the AWS Management Console and make changes to IAM policies and roles.

Setting Up AWS SSO Profiles in AWS Config: A Step-by-Step Guide

The AWS CLI provides a built-in step-by-step guide for setting up SSO profiles. You can invoke it with `aws configure sso'.

1. SSO Session Name (Recommended): Choose a descriptive name, ideally with a reference to the environment or stage like dev, prod or staging.
2. SSO Start URL [None]: Specify the URL where the process of selecting a profile begins within the AWS Management Console.
3. SSO Region [None]: Indicate the region associated with your AWS account.
4. SSO Registration Scopes [sso:account:access]: This initiates a browser window for granting access to your AWS profiles. Upon confirmation, you can proceed to select accounts and roles via the terminal.
5. CLI Default Client Region [eu-central-1]: Reiterate your preferred region setting.
6. CLI Default Output Format [None]: Simply press Enter to confirm.

Once configured, you can verify your profile by executing:

aws s3 ls --profile dev-admin

This command will list the contents of your S3 bucket using the specified profile, in this case, "dev-admin".

Setting Up AWS SSO Profile directly in Configuration File

Another effective method for adding a profile is by directly modifying the config file.

To access the file in the terminal, use the command cat ~/.aws/config.
Within this file, you can insert a profile block resembling the following example:

After adding the block and saving the file, you can seamlessly utilize the profile.

Logging in with AWS SSO Profiles

First, export the AWS profile in the terminal where you want to use AWS CLI commands:

export AWS_PROFILE=dev-admin

Next, log in to your profile with the following command:

aws sso login

A new browser window will open, prompting you to confirm your login attempt.

Great! You are now logged in with your dev-admin profile.

To check which profile you are currently logged in with, use the command:

aws sts get-caller-identity.

For a deeper view you can visit the AWS documentation: https://docs.aws.amazon.com/cli/latest/userguide/sso-using-profile.html.