LazyMagic

AWS CLI

Prerequisites:
- AWS Account
- AWS IAM Identity Center User
- AWS SSO Login URL
- Administrator access on your workstation.
Estimated Time: 5 minutes
Estimated Cost: none

In this step we configure the workstation to allow the developer to access the development account.

There are a wide variety of ways an AWS user can be authenticated. See IAM Identity Center authentication.

The two most common ways to authenticate are AWS IAM Identity Center and IAM user credentials. Other strategies include a federated identity provider managed by an organization (such as Azure or Okta), the AWS Access Portal, or a custom federated identity provider.

For this install, we assume you access your AWS Account using an AWS IAM Identity Center single sign-on (SSO) user.

  1. Install the AWS Command Line Interface (CLI). See instructions here: AWS CLI Install
  2. Install the AWS SAM CLI. See instructions here: Installing the AWS SAM CLI
  3. Configure programmatic access to your AWS Account:
    • Learn how here: Prerequisites to use the AWS CLI version 2. Notes:
      • Provide the user with Administrator access to the account instead of the recommended PowerUser access. This is necessary to publish stacks.
      • Create a named profile "lzm-dev" to access the AWS Account and Region in which you will host the sample service.
    • Open a command window and run aws configure sso as shown below:
      aws configure sso
      
      SSO session name: lzm-dev
      SSO start URL [None]: {use the sso login url for your AWS SSO}
      SSO region: {specify your region}
      SSO registration scopes [sso:account:access]: {accept this default}
      {At this point configure will open an authorization page in your default browser.}
      {Accounts your SSO has access to will be listed. Choose the development account.}
      CLI default client Region [None]: {specify your region}
      CLI default output format [None]: json
      CLI profile name [AWSAdministratorAccess-99999999999]: lzm-dev
                  

Test your profile using this command:

aws sts get-caller-identity --profile lzm-dev
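
Because the lzm-dev profile carries Administrator access, it is worth confirming that it resolves to the intended development account through Identity Center and not through stored keys. The following is an added example, not part of the LazyMagic instructions: it audits the profile that `aws configure sso` writes to `~/.aws/config` and cross-checks the JSON printed by the test command above. The function name, the sample values and the assumption that Identity Center roles appear as `AWSReservedSSO_<role>_...` in the ARN are ours.

```python
import configparser
import json

# Constructed sample data: the account id, start URL and ARN are placeholders.
SAMPLE_CONFIG = """\
[profile lzm-dev]
sso_session = lzm-dev
sso_account_id = 111122223333
sso_role_name = AWSAdministratorAccess
[sso-session lzm-dev]
sso_region = us-west-2
sso_start_url = https://example.awsapps.com/start
sso_registration_scopes = sso:account:access
"""
SAMPLE_IDENTITY = ('{"Account": "111122223333", "Arn": "arn:aws:sts::111122223333:'
                   'assumed-role/AWSReservedSSO_AWSAdministratorAccess_0123456789abcdef/dev"}')

def _parse(text):
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.read_string(text)
    return cp

def audit_sso_profile(config_text, credentials_text="", identity_json=None, profile="lzm-dev"):
    """Return findings for an `aws configure sso` profile; an empty list means clean."""
    cfg, creds = _parse(config_text), _parse(credentials_text)
    section = f"profile {profile}"
    if not cfg.has_section(section):
        return [f"[{section}] missing from config"]
    p, findings = cfg[section], []
    # The profile must reference an sso-session block with an HTTPS start URL.
    session = f"sso-session {p.get('sso_session', '')}"
    if not cfg.has_section(session):
        findings.append("profile has no valid sso_session reference")
    elif not cfg[session].get("sso_start_url", "").startswith("https://"):
        findings.append("sso_start_url is missing or not https")
    account, role = p.get("sso_account_id", ""), p.get("sso_role_name", "")
    if not (account.isdigit() and len(account) == 12):
        findings.append("sso_account_id is not a 12-digit account id")
    # Static keys stored under the same profile name should not sit beside SSO.
    for name, store in ((section, cfg), (profile, creds)):
        if store.has_section(name) and "aws_access_key_id" in store[name]:
            findings.append(f"static access key present in [{name}]")
    # Cross-check the output of `aws sts get-caller-identity --profile lzm-dev`.
    if identity_json is not None:
        ident = json.loads(identity_json)
        if ident.get("Account") != account:
            findings.append("caller identity is in a different account")
        if f":assumed-role/AWSReservedSSO_{role}_" not in ident.get("Arn", ""):
            findings.append("caller is not the expected Identity Center role")
    return findings
```

To use it on a workstation, pass the contents of `~/.aws/config` and `~/.aws/credentials` together with the JSON output of the test command; an empty list means the profile matches what the steps above set up.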