I'm looking for tips on how to quickly assume roles after logging in through SSO. I was using the assume/granted method, but it suddenly stopped working. I received an error saying my session token was not found or was invalid. Any suggestions on how to resolve this?
4 Answers
I've experienced the same error on macOS. Try removing your local AWS cache folder located at ~/.aws/sso/cache and also check your keychain for granted, then delete the SSO token. That worked for me!
Check out these resources for some guidance:
- [Oh My Zsh AWS Plugin](https://github.com/ohmyzsh/ohmyzsh/blob/master/plugins/aws/README.md)
- [AWS CLI SSO Configuration Docs](https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-sso.html)
- [AWS SSO Util GitHub](https://github.com/benkehoe/aws-sso-util)
Just a heads up, remember that tokens have a limited lifetime. It's possible the maximum lifetime value was changed, which could cause your issue.
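A read-only check related to the cache folder and token lifetime mentioned in the answers above, added here as an example and not code from any poster or from the AWS CLI: it reports which files in an SSO cache directory hold an expired token, without printing the token. The field names `accessToken` and `expiresAt` and the `Z`/`UTC` timestamp suffixes are assumptions about the cache file format; the sample files are constructed.

```python
import json
import tempfile
from datetime import datetime, timezone
from pathlib import Path

def parse_expiry(value):
    """Parse expiresAt; assumes ISO 8601 with a 'Z' or 'UTC' suffix."""
    text = value.replace("UTC", "+00:00").replace("Z", "+00:00")
    stamp = datetime.fromisoformat(text)
    return stamp if stamp.tzinfo else stamp.replace(tzinfo=timezone.utc)

def classify(path, now):
    """Return (file name, status) without ever exposing the token value."""
    try:
        data = json.loads(path.read_text())
        if "accessToken" not in data:
            return path.name, "not-a-token"   # e.g. a client registration file
        expires = parse_expiry(data["expiresAt"])
    except (ValueError, KeyError, TypeError, AttributeError):
        return path.name, "unreadable"        # corrupt JSON or missing expiry
    return path.name, "expired" if expires <= now else "valid"

def scan_sso_cache(cache_dir, now=None):
    """Map each *.json file in cache_dir to its status."""
    now = now or datetime.now(timezone.utc)
    return dict(classify(p, now) for p in sorted(Path(cache_dir).glob("*.json")))

def build_sample_cache(directory):
    """Constructed sample files; token and client values are placeholders."""
    samples = {
        "fresh.json": {"startUrl": "https://example.awsapps.com/start",
                       "accessToken": "PLACEHOLDER", "expiresAt": "2030-01-01T00:00:00Z"},
        "stale.json": {"startUrl": "https://example.awsapps.com/start",
                       "accessToken": "PLACEHOLDER", "expiresAt": "2020-06-17T10:02:08UTC"},
        "client.json": {"clientId": "PLACEHOLDER", "expiresAt": "2030-01-01T00:00:00Z"},
    }
    for name, body in samples.items():
        (Path(directory) / name).write_text(json.dumps(body))
    (Path(directory) / "broken.json").write_text("{not json")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_cache(tmp)  # for real use, scan Path.home() / ".aws/sso/cache"
        for name, status in scan_sso_cache(tmp).items():
            print(f"{status:12} {name}")
```

An `expired` or `unreadable` entry points at a stale login rather than a configuration problem, so a fresh SSO login for that profile is the first thing to try.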
One way to switch roles easily is by using profiles. Log in with your default profile and then swap to other roles using config profiles. Some of my teammates prefer using environment variables to set profiles, while others use the --profile option. Keeping the config in Git makes it easy to stay updated with new accounts!
If you're going the environment variable route, don't forget to include your current profile in your prompt to make it easier to remember!

So do you need to set up a profile first to assume another role?