Using IAM Identity Center credentials
To connect with AWS IAM Identity Center (successor to AWS Single Sign-On), you must complete the following prerequisites:
- Enable IAM Identity Center – This includes choosing your identity source and setting up IAM Identity Center access to your AWS accounts. For more information, see Getting started in the AWS IAM Identity Center (successor to AWS Single Sign-On) User Guide.
- Add an IAM Identity Center profile – With IAM Identity Center, you define a named profile in the credentials file or config that you use to retrieve temporary credentials for your AWS account. The profile definition specifies the AWS access portal as well as the AWS account and IAM role associated with the user requesting access.
To add an IAM Identity Center profile
The following procedure outlines how to add an IAM Identity Center profile to your credentials or config file.
Adding an IAM Identity Center profile to your credentials file in VS Code
- Open VS Code.
- To open the Command Palette, on the menu bar, choose View, Command Palette. Or use the following shortcut keys:
  - Windows and Linux – Press Ctrl+Shift+P.
  - macOS – Press Shift+Command+P.
- Search for AWS and choose AWS Toolkit Create Credentials Profile. This will open the credentials file.
- In either the credentials or config file, under [default], add a template for a named IAM Identity Center profile. An example profile follows:

      ... Named profile in credentials file ...

      [profile sso-user-1]
      sso_start_url = https://example.com/start
      sso_region = us-east-2
      sso_account_id = 123456789011
      sso_role_name = readOnly
      region = us-west-2

  Important: Do not use the word profile when creating an entry in the credentials file. This is because the credentials file uses a different naming format than the config file. Include the prefix word profile only when configuring a named profile in the config file.
When assigning values for your profile, keep the following in mind:
- sso_start_url – The URL that points to your organization's AWS access portal.
- sso_region – The AWS Region that contains your AWS access portal host. This can be different from the AWS Region specified later in the default region parameter.
- sso_account_id – The AWS account ID that contains the IAM role with the permission that you want to grant to this IAM Identity Center user.
- sso_role_name – The name of the IAM role that defines the user's permissions when using this profile to get credentials through IAM Identity Center.
- region – The default AWS Region that this IAM Identity Center user will sign into.
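The naming rule and the required keys described above can be checked before first sign-in. The following is an added example, not AWS or AWS Toolkit code: the function name `check_sso_profiles` and its messages are hypothetical, the sample is constructed from the example values on this page, and the HTTPS and 12-digit checks are assumptions about well-formed values.

```python
import configparser

REQUIRED = ("sso_start_url", "sso_region", "sso_account_id", "sso_role_name")

# Constructed sample built from the example values on this page.
SAMPLE = """\
[default]
region = us-west-2

[profile sso-user-1]
sso_start_url = https://example.com/start
sso_region = us-east-2
sso_account_id = 123456789011
sso_role_name = readOnly
region = us-west-2
"""

def check_sso_profiles(text, kind):
    """Return problems found in IAM Identity Center profiles.

    kind is "credentials" or "config" and decides whether section
    headers must carry the "profile " prefix.
    """
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(text)
    problems = []
    for section in parser.sections():
        keys = parser[section]
        if not any(k.startswith("sso_") for k in keys):
            continue  # not an IAM Identity Center profile
        prefixed = section.startswith("profile ")
        if kind == "credentials" and prefixed:
            problems.append(f"[{section}]: remove 'profile' prefix in credentials file")
        if kind == "config" and not prefixed and section != "default":
            problems.append(f"[{section}]: add 'profile' prefix in config file")
        for key in REQUIRED:
            if not keys.get(key, "").strip():
                problems.append(f"[{section}]: missing {key}")
        url = keys.get("sso_start_url", "").strip()
        if url and not url.startswith("https://"):  # assumption: portal is HTTPS
            problems.append(f"[{section}]: sso_start_url is not https://")
        account = keys.get("sso_account_id", "").strip()
        if account and not (account.isdigit() and len(account) == 12):
            problems.append(f"[{section}]: sso_account_id is not 12 digits")
    return problems

if __name__ == "__main__":
    for kind in ("credentials", "config"):
        print(kind, check_sso_profiles(SAMPLE, kind))
```

Pass `"credentials"` or `"config"` according to which file the text came from; the same profile block is accepted in one and flagged in the other.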
Signing in with IAM Identity Center
When signing in with an IAM Identity Center profile, the default browser is launched to the specified portal. You must verify your IAM Identity Center login before you can access your AWS resources in VS Code. Note that if your credentials expire, you'll have to repeat the connection process to obtain new temporary credentials.