Using saml2aws with AWS Identity Center IdP #1261

Open
TonioGela opened this issue May 6, 2024 · 2 comments

Comments

TonioGela commented May 6, 2024

Has anyone been able to use saml2aws with AWS Identity Center? Configuring it as a browser simply redirects to the AWS IdP login page without injecting the credentials, and once logged in to the console in the opened browser, the information is not propagated to the CLI and it hangs.

This is my configuration:

[default]
name                    = default
app_id                  =
url                     = https://<redacted>.awsapps.com/start/#
username                = toniogela
provider                = Browser
mfa                     = Auto
mfa_ip_address          =
skip_verify             = false
timeout                 = 0
aws_urn                 = urn:amazon:webservices
aws_session_duration    = 3600
aws_profile             = toniogela
resource_id             =
subdomain               =
role_arn                =
region                  =
http_attempts_count     =
http_retry_delay        =
credentials_file        =
saml_cache              = false
saml_cache_file         =
target_url              =
disable_remember_device = false
disable_sessions        = false
download_browser_driver = false
headless                = false
prompter                =

Any help would be appreciated

ethanzh commented May 7, 2024

I am also looking for this functionality

@monty16597

You can use the official feature of the AWS CLI.

Steps

  1. Create a session config using:
$ aws configure sso-session
# SSO session name: <session_name i.e. organization name>
# SSO start URL [None]: https://my-sso-portal.awsapps.com/start
# SSO region [None]: us-east-1
# SSO registration scopes [None]: sso:account:access
  2. Create a credential profile in ~/.aws/credentials:
$ cat ~/.aws/credentials
# [<profile_name>]
# sso_session = <session_name_passed_above>
# sso_account_id = 111122223333
# sso_role_name = <role_you_want_use>
  3. Log in to your session using the command below. It will open the browser and ask you to authorize the login.
$ aws sso login --profile <profile_name>

Ref
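
A pre-login check for the profile layout in the steps above, as an added example that is not part of the comment or of saml2aws: it confirms each profile's `sso_session` points at a defined `[sso-session <name>]` section and that the required keys are set. The function name, the sample text and its values are constructed; it assumes the `[sso-session <name>]` and `[profile <name>]` section layout the AWS CLI writes to `~/.aws/config`, and also accepts bare `[<profile_name>]` sections as written in step 2.

```python
import configparser

# Constructed sample input; session, profile and role names are placeholders.
SAMPLE = """
[sso-session my-org]
sso_start_url = https://my-sso-portal.awsapps.com/start
sso_region = us-east-1

[profile dev]
sso_session = my-org
sso_account_id = 111122223333
sso_role_name = ReadOnly

[profile broken]
sso_session = typo-org
sso_account_id = 1111
"""

SESSION_KEYS = ("sso_start_url", "sso_region")
PROFILE_KEYS = ("sso_account_id", "sso_role_name")

def check_sso_profiles(text):
    """Return {profile_name: [problems]} for every profile that sets sso_session."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(text)
    sessions = {s[len("sso-session "):].strip(): cfg[s]
                for s in cfg.sections() if s.startswith("sso-session ")}
    report = {}
    for section in cfg.sections():
        body = cfg[section]
        if section.startswith("sso-session ") or "sso_session" not in body:
            continue  # session definitions and non-SSO profiles are skipped
        name = section[len("profile "):].strip() if section.startswith("profile ") else section
        problems = [f"missing {k}" for k in PROFILE_KEYS if not body.get(k, "").strip()]
        acct = body.get("sso_account_id", "").strip()
        if acct and not (acct.isdigit() and len(acct) == 12):
            problems.append("sso_account_id is not a 12-digit account ID")
        wanted = body["sso_session"].strip()
        session = sessions.get(wanted)
        if session is None:
            problems.append(f"sso_session '{wanted}' has no [sso-session] section")
        else:
            problems += [f"session missing {k}" for k in SESSION_KEYS if not session.get(k, "").strip()]
        report[name] = problems
    return report

if __name__ == "__main__":
    for profile, problems in check_sso_profiles(SAMPLE).items():
        print(profile, "OK" if not problems else problems)
```

An empty problem list means `aws sso login --profile <profile_name>` has a complete session to resolve; it does not prove the role is actually assigned to you in that account.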
