Hey everyone! I noticed some changes with the AWS SSO login process recently, specifically with the "aws sso login" command. I used to have to validate a code in my browser first, but now it just loads and shows a different 'you can close this window' screen. Has the process been updated on AWS's side? What's going on?
3 Answers
I’ve experienced this too. While I think the security aspect is solid, the usability does take a hit compared to traditional environments. The need for constant authentication and various steps makes it a bit of a hassle, but at least it’s secure!
It looks like AWS shifted from using the device code flow to a PKCE-based flow. With the new flow, if your terminal and browser are on the same machine, the CLI sets up a local web server. Once you log in via the browser, it redirects back to the CLI with the necessary credentials, which is different from the old method where you’d enter a code into SSO.
This change has actually been around for at least a month or two. It’s certainly an interesting approach for logging in without using static usernames and passwords. I often explain this to developers transitioning from Microsoft environments and they find it a bit odd. You essentially log in to AWS through your browser even when using the CLI, which can feel confusing at first!
