sso_role_name - AWS SDKs and Tools


Specifies the friendly name of the IAM role that defines the user's permissions when using this profile to get credentials through AWS SSO.


When the AWS SSO settings are specified in a profile, the SDK or tool connects to the AWS SSO portal specified in sso_start_url and sso_region. After the user successfully authenticates with AWS SSO, the portal returns short-term credentials for the IAM role specified by the sso_account_id and sso_role_name.

Default value: None. You must set this value explicitly if you want to use AWS SSO.

Valid values: This value must be the friendly name for an IAM role, not the Amazon Resource Name (ARN). The role must exist in the AWS account specified by sso_account_id.

If you set this value, you must also set sso_account_id, sso_region, and sso_start_url in the same profile. For more information about using AWS SSO and the AWS CLI, see Configuring the AWS CLI to use AWS Single Sign-On in the AWS Command Line Interface User Guide.

Ways to set this value

Location Supported Example
config file Yes
sso_role_name = SSOReadOnlyRole sso_region = us-east-1 sso_account_id = 123456789012 sso_start_url =
credentials file -
Environment variable -
AWS CLI parameter -

Compatibility with AWS SDKS and tools