Sign in through the AWS Command Line Interface
You must establish how the AWS CLI authenticates with AWS. Choose the method that best fits your workflow and security requirements.
-
Login with console credentials (Recommended) if you use root, IAM users or federation with IAM for AWS account access.
-
Login with IAM Identity Center credentials if you use Identity Center for AWS account access.
Login with console credentials (Recommended)
This authentication method lets you use your console credentials with the AWS CLI, making it easy to get started with AWS programmatically within minutes of account set up. You can get temporary credentials that work seamlessly across local development tools like the AWS CLI, AWS SDKs and AWS Tools for PowerShell.
Prerequisites
-
Install the AWS CLI. For more information, see Installing or updating to the latest version of the AWS CLI. A minimum version of 2.32.0 is required to use the
aws logincommand. -
Access to sign into the AWS Management Console as a root user, IAM user, or through federation with IAM. If you use IAM Identity Center, go to Login with IAM Identity Center credentials instead.
-
Ensure the IAM identity has the appropriate permissions. Attach the SignInLocalDevelopmentAccess managed policy to your IAM user, role, or group. If you sign in as a root user, no additional permissions are required.
To login with console credentials
-
Run the following command to start the browser-based authentication process:
$aws loginThe
aws logincommand supports several optional parameters:-
aws login --remote- For cross-device authentication when your device doesn't support a browser -
aws login --profile- To authenticate with a specific profileprofile-name -
aws login --region- To authenticate in a specific regionregion
-
-
Follow the prompts in your terminal. The command will automatically open your default browser and guide you through the authentication process. After successful authentication, your AWS CLI session will be valid for up to 12 hours.
-
To end your session, use:
$aws logout
If you are accessing AWS services programmatically by using AWS Tools for PowerShell, please see Authenticating the AWS Tools for PowerShell with AWS. If you are using AWS SDKs, please see Authentication and access using AWS SDKs and tools.
Login with IAM Identity Center credentials
The AWS access portal makes it easy for IAM Identity Center users to select an AWS account and get temporary security credentials for the AWS CLI. For more information about how to get these credentials, see Region availability for AWS Builder ID. You can also configure the AWS CLI directly to authenticate users with IAM Identity Center.
To login with IAM Identity Center credentials
-
Check that you've completed the Prerequisites.
-
If you're signing in for the first time, configure your profile with the
aws configure ssowizard. -
After you configure your profile, run the following command, then follow the prompts in your terminal:
$aws sso login --profilemy-profile
Additional information
If you want more information about signing-in using the command line, refer to the following resources.
-
For more information on using your console credentials to login for AWS local development, see Authentication and access credentials for the AWS CLI.
-
For more information on the AWS CLI sign-in process, see Authenticating with short-term credentials for the AWS CLI.
-
For details on IAM Identity Center configuration, see Configuring the AWS CLI to use IAM Identity Center.
