aws-sso-login

AWS SSO Login

A skill to authenticate to AWS using Single Sign-On (SSO) for a specified profile.

Purpose

Perform SSO authentication before executing AWS CLI operations. SSO sessions typically expire after 8-12 hours, requiring re-authentication.

Input Parameters

  • profile: AWS CLI profile name configured for SSO (default: defined by project, e.g., web-hosting)
    • If the profile name is not known/available from project docs or prior context, ask the user which AWS CLI profile to use before running this skill.

Execution Steps

  1. Execute the aws sso login command with the specified profile
  2. Open browser automatically (or provide a URL to open manually)
  3. Complete authentication in the browser
  4. Confirm successful authentication

Command Example

```bash
# Login with SSO using specified profile
aws sso login --profile <profile-name>
```

Project Configuration

  • Document the default profile name (e.g., web-hosting) in a separate project guide such as .github/skills/README.md or a skill configuration file.
  • Refer to that document when invoking this Skill so the same definition can be reused across repositories without editing the Skill itself.

Output

After successful authentication:
  • SSO session is established and cached locally
  • AWS CLI commands can be executed using the specified profile
  • Session remains valid for the configured duration (typically 8-12 hours)

Usage Examples

After executing this skill, AWS CLI commands with the profile become available:
```bash
# Verify authentication
aws sts get-caller-identity --profile <profile-name>

# Assume a role (often used after SSO login)
aws sts assume-role --role-arn <role-arn> --role-session-name <session-name> --profile <profile-name>
```

Prerequisites

  • AWS CLI v2 installed (SSO support requires v2 or later)
  • SSO configuration set up in ~/.aws/config for the specified profile
  • Web browser available for authentication
  • Network access to the SSO authentication endpoint

Notes

  • SSO sessions expire after a configured duration (typically 8-12 hours)
  • When the session expires, re-execute this skill to re-authenticate
  • Browser-based authentication is required; this cannot be fully automated
  • For headless environments, consider using the --no-browser flag and manually opening the provided URL
  • This skill should be executed before the assume-cloudformation-role skill if role assumption requires SSO authentication
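
One way to wrap the execution steps and the expiry notes above so that login only runs when the cached session is missing or expired. This is an added example, not part of the original skill; the function name ensure_sso_session, the AWS_SSO_HEADLESS variable and the restriction on profile-name characters are assumptions.

```bash
# Added example (not part of the original skill): log in via SSO only when the
# cached session is missing or expired. Names below are hypothetical.
ensure_sso_session() {
  profile="${1:-}"

  # Assumption: profile names are plain identifiers. Rejecting empty values,
  # a leading "-" and any other character keeps user- or agent-supplied
  # input from being read by the CLI as an option.
  case "$profile" in
    ''|-*|*[!A-Za-z0-9._-]*)
      echo "invalid profile name" >&2
      return 2 ;;
  esac

  # The profile must already be configured (see Prerequisites).
  if ! aws configure list-profiles | grep -Fxq -- "$profile"; then
    echo "profile '$profile' is not configured" >&2
    return 3
  fi

  # A successful STS call means the cached SSO session is still valid.
  if aws sts get-caller-identity --profile "$profile" >/dev/null 2>&1; then
    echo "SSO session for '$profile' is still valid" >&2
    return 0
  fi

  # Expired or absent: re-authenticate. AWS_SSO_HEADLESS (hypothetical
  # variable) selects --no-browser so the URL is printed instead of opened.
  if [ -n "${AWS_SSO_HEADLESS:-}" ]; then
    aws sso login --profile "$profile" --no-browser || return 4
  else
    aws sso login --profile "$profile" || return 4
  fi

  # Step 4 of the skill: confirm the login actually produced credentials.
  aws sts get-caller-identity --profile "$profile" >/dev/null || return 5
}
```

Return codes 2 and 3 mean no AWS call was made with the supplied name; 4 and 5 mean the login or the follow-up identity check failed.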