Hey everyone! I noticed some changes with the AWS SSO login process recently, specifically with the "aws sso login" command. I used to have to validate a code in my browser first, but now it just loads and shows a different 'you can close this window' screen. Has the process been updated on AWS's side? What's going on?
3 Answers
I’ve experienced this too. While I think the security aspect is solid, the usability does take a hit compared to traditional environments. The need for constant authentication and various steps makes it a bit of a hassle, but at least it’s secure!
It looks like AWS shifted from using the device code flow to a PKCE-based flow. With the new flow, if your terminal and browser are on the same machine, the CLI sets up a local web server. Once you log in via the browser, it redirects back to the CLI with the necessary credentials, which is different from the old method where you’d enter a code into SSO.
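The PKCE-plus-loopback exchange described in the answer above, sketched as an added example (not part of the thread and not AWS CLI code). The endpoint, client ID, port and callback path are placeholder assumptions; parameter names follow RFC 6749 and RFC 7636.

```python
import base64
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Assumptions for illustration only: placeholder endpoint and client id, not AWS values.
AUTHORIZE_URL = "https://idp.example.invalid/authorize"
CLIENT_ID = "example-cli-client"

def b64url(data: bytes) -> str:
    """Base64url without padding, as RFC 7636 requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def s256_challenge(verifier: str) -> str:
    """code_challenge = BASE64URL(SHA256(ASCII(code_verifier)))."""
    return b64url(hashlib.sha256(verifier.encode("ascii")).digest())

def start_login(port: int) -> dict:
    """CLI side: create per-login secrets and the URL opened in the browser."""
    verifier = b64url(secrets.token_bytes(32))  # 43 chars, never leaves the CLI
    state = b64url(secrets.token_bytes(16))     # ties the callback to this attempt
    redirect_uri = f"http://127.0.0.1:{port}/oauth/callback"  # hypothetical path
    query = urlencode({
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": redirect_uri,
        "state": state,
        "code_challenge": s256_challenge(verifier),
        "code_challenge_method": "S256",
    })
    return {"verifier": verifier, "state": state,
            "redirect_uri": redirect_uri, "url": f"{AUTHORIZE_URL}?{query}"}

def handle_callback(session: dict, callback_url: str) -> str:
    """CLI side: accept the loopback redirect only if state matches; return the code."""
    params = parse_qs(urlparse(callback_url).query)
    state = params.get("state", [""])[0]
    if not hmac.compare_digest(state.encode(), session["state"].encode()):
        raise ValueError("state mismatch: callback does not belong to this login")
    if "code" not in params:
        raise ValueError("no authorization code in callback")
    return params["code"][0]

def server_accepts(stored_challenge: str, presented_verifier: str) -> bool:
    """Authorization-server side: redeem the code only for the matching verifier."""
    expected = s256_challenge(presented_verifier)
    return hmac.compare_digest(expected.encode(), stored_challenge.encode())
```

The browser only ever carries the challenge and the one-time code, so a code captured from the redirect cannot be redeemed without the verifier held by the CLI process that started the login.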
This change has actually been around for at least a month or two. It’s certainly an interesting approach for logging in without using static usernames and passwords. I often explain this to developers transitioning from Microsoft environments and they find it a bit odd. You essentially log in to AWS through your browser even when using the CLI, which can feel confusing at first!