How to Login to AWS using CLI with AzureSSO through Azure Active DirectoryTesting on Windows 10 Release 1909 Prerequisite (Install Visual Studio Code and the AWS CLI if you don't have it already installed and your Azure Active Directory is already configured and processing authentication) 1. Install Node.Js https://nodejs.org/en/ (Use the LTS Edition/Version) 2. Check the node version in PowerShell or Windows Terminal: node --version && npm --version 3. npm install -g aws-azure-login *install will take about 15-20 minutes. Be patient and let it finish. 4. Configure your profile aws-azure-login --configure --profile=<<Name of your profile>> Example: aws-azure-login --configure --profile=migrationking Pro Tip: It installs the profile on your machine under ~/.aws/config . You can edit the file with Visual Studio Code or Notepad++ #This will prompt to Enter the Azure AD details *** Azure Tenant ID: << Enter the Azure AD Tenant ID from the Azure AD application configuration for the AWS Account to be accessed>> Azure Tenant ID URL: https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/Properties *** Azure App ID URI: << Replace this with Azure App ID identifier from App Config>> Find it via the direct url: https://portal.azure.com/#blade/Microsoft_AAD_RegisteredApps/ApplicationMenuBlade/Overview/appId/ *** Default Username: << Replace this with your complete Azure AD Email Address FQDN (e.g. >> *** Stay logged in: skip authentication while refreshing aws credentials (true|false) (false) << Type in false>> *** Default Role ARN (if multiple): <<Hit Return Key, the CLI will fetch the list of role ARN's when trying to login post configuration>>. *** Default Session Duration Hours (up to 12): (1) Profile saved. If your using GovCloud make sure that you identify the region inside of your ~/.aws/config file region=us-gov-east-1 Example: cat ~/.aws/config [profile migrationking] region=us-gov-east-1 azure_tenant_id=1a11d111-1111x-111x-111x1-00000000x00001x azure_app_id_uri=https://signin.amazonaws-us-gov.com/saml\#warrior4life azure_default_username= azure_default_role_arn= azure_default_duration_hours=1 azure_default_remember_me=false 5. If you want to login without a GUI prompt type aws-azure-login --profile migrationking --no-sandbox --no-prompt 6. If you want to see the gui or your chasing errors aws-azure-login --profile migrationking --no-sandbox --no-prompt --mode=gui Reference: https://github.com/sportradar/aws-azure-login/blob/main/README.md Correction Example: https://github.com/migrationking/aws-azure-login First Confirm the Powershell version $PSVersionTable.PSVersionInstall the AWS Tools Common Module Install-Module -Name AWS.Tools.CommonInstall the AWS Tools for Powershell Install the aws azure login tool npm install -g aws-azure-login — unsafe-permGo to https://aws.amazon.com/powershell/ and download AWS Tools for Windows Installers Once this is completed, run the following command. ( Node >7.6 is required for this and NPM has to be installed) npm install -g aws-azure-loginVerify that NPM is in the Path $Env:PathIf not, set npm in the Path. Next set up your profile to connect to AWS, You have to run the command, aws-azure-login — configure — profile aws-atpcowith the following parameters,( this will be given to to you by your Azure Federation Administrators Azure Tenant id: #### You should now be able to login with the following command. Upon logging in, you should see a list of roles that you have been granted. Choose any of the role to continue. |