Login credentials provider

You can use your existing AWS Management Console sign-in credentials to acquire short-term credentials that can be used for programmatic access. After you complete the browser-based authentication flow, AWS generates temporary credentials that work across local development tools like the AWS CLI, AWS Tools for PowerShell and AWS SDKs.

To generate these credentials, run the aws login command in the AWS CLI, or the Invoke-AWSLogin cmdlet in AWS Tools for PowerShell. The resulting short-term credentials will be cached locally, where they can be reused by the AWS SDKs. The short-term credentials expire in 15 minutes, but the CLI and SDKs will automatically refresh them as needed up to 12 hours. When the refresh token expires, you'll be prompted to log in again via the CLI or PowerShell.

The login command will update the profile you specify with the login_session setting, which stores the identity of the management console session that you selected during the login workflow.

[profile console]
login_session = arn:aws:iam::0123456789012:user/username
region = us-west-2

By default, the short-term credentials and refresh token are stored in a JSON file in the ~/.aws/login/cache directory on Linux and macOS, or %USERPROFILE%\.aws\login\cache on Windows. The filename is based on the login session name. You can override the directory by setting the AWS_LOGIN_CACHE_DIRECTORY environment variable.

Login Provider Settings

Configure this functionality by using the following:

Support by AWS SDKs and tools

The following SDKs support the features and settings described in this topic. Any partial exceptions are noted. Any JVM system property settings are supported by the AWS SDK for Java and the AWS SDK for Kotlin only.