# AWS account access using saml2aws and assume-role

I have recently had the need to log into AWS using SSO from the CLI and assume a role into another AWS account.

The commands below will help you assume a role into the required AWS account.

* saml2aws (<https://github.com/Versent/saml2aws>):

  `saml2aws configure`

  1. This command prompts you to choose an IdP and the MFA option.
  2. After that, you need to add the AWS profile and the AWS instance URL connected with the federated identity.

     The URL format: `https://../app/amazon_aws/<identifier>/sso/saml`
  3. The resulting configuration is written to `~/.saml2aws`.

  `saml2aws login -p <profile_name>`

  1. Once you enter your username and password, a file named `~/.aws/credentials` will be created. Sensitive credential information is stored in this file.
  2. This command logs you into the configured AWS account using temporary credentials.
  3. `<profile_name>` is the profile set during configuration; this profile has the privilege to assume a role into another account.

You would need to use version 2 of the AWS CLI (<https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-sso.html>) if you want to log in using SSO. saml2aws is a convenient wrapper for working with AWS services from the command line, and it works with most identity providers.

{% hint style="danger" %}
If you want to use the password-less option of your IdP, using the AWS CLI would be beneficial, as I have not been able to set that up for saml2aws yet.
{% endhint %}

* assume-role (<https://github.com/remind101/assume-role>):

  `assume-role <profile you want to assume role into>`

  * This command sets `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY` and `AWS_SESSION_TOKEN` for the given role.
  * The role you want to assume needs a profile set up in `~/.aws/config` in which the `role_arn` you can assume is specified.

{% hint style="info" %}
Use the `eval` command with `assume-role` to configure your shell to use the temporary credentials: `eval $(assume-role <profile>)`
{% endhint %}
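As an added example, not part of the original page nor of saml2aws or assume-role, here is a small POSIX shell helper for the flow described above. It verifies that the credentials file `saml2aws login` creates is readable by its owner only, that the target profile in `~/.aws/config` has a `role_arn` and a `source_profile` that actually holds credentials, and only then applies the `export` lines `assume-role` prints with `eval`. It assumes the `AWS_CONFIG_FILE` and `AWS_SHARED_CREDENTIALS_FILE` overrides the AWS CLI honours, that `saml2aws login` writes a `[<profile_name>]` section into the credentials file, and a hypothetical `ASSUME_ROLE_BIN` variable for pointing at the assume-role binary.

```shell
#!/bin/sh
# Added example (not from the original page, saml2aws or assume-role):
# pre-flight checks for the "saml2aws login" -> "eval $(assume-role <profile>)" flow.
# Assumptions (not stated on the page): AWS_CONFIG_FILE / AWS_SHARED_CREDENTIALS_FILE
# override the file locations (the AWS CLI honours both), "saml2aws login" writes a
# "[<profile_name>]" section into the credentials file, and ASSUME_ROLE_BIN is a
# hypothetical override of the assume-role command (word-split on purpose).

config_file() { printf '%s\n' "${AWS_CONFIG_FILE:-$HOME/.aws/config}"; }
creds_file()  { printf '%s\n' "${AWS_SHARED_CREDENTIALS_FILE:-$HOME/.aws/credentials}"; }

# Print the value of key $2 from the "[profile $1]" section of the config file
# (empty output if the section or the key is missing).
config_value() {
    awk -v want="profile $1" -v key="$2" '
        /^[ \t]*\[/ { s = $0; sub(/^[ \t]*\[/, "", s); sub(/][ \t]*$/, "", s); sect = s; next }
        sect == want && $0 ~ ("^[ \t]*" key "[ \t]*=") {
            sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]*$/, ""); print; exit
        }' "$(config_file)"
}

# assume-role needs a role profile with role_arn plus a source_profile that
# really holds credentials, i.e. the profile "saml2aws login -p <profile>" filled.
check_role_profile() {
    arn=$(config_value "$1" role_arn)
    src=$(config_value "$1" source_profile)
    [ -n "$arn" ] || { echo "profile '$1': role_arn is missing in $(config_file)" >&2; return 1; }
    case "$arn" in
        arn:aws*:iam::*:role/*) ;;
        *) echo "profile '$1': '$arn' is not an IAM role ARN" >&2; return 1 ;;
    esac
    [ -n "$src" ] || { echo "profile '$1': source_profile is missing" >&2; return 1; }
    grep -q -- "^\[$src]" "$(creds_file)" 2>/dev/null \
        || { echo "profile '$1': no credentials for source_profile '$src'; run: saml2aws login -p $src" >&2; return 1; }
}

# The credentials file holds the temporary keys in clear text: it must exist and
# be readable by the owner only (-rw-------, i.e. chmod 600).
check_credentials_file() {
    f=$(creds_file)
    [ -f "$f" ] || { echo "no credentials file at $f; run saml2aws login first" >&2; return 1; }
    mode=$(ls -ld "$f" | cut -c1-10)
    [ "$mode" = "-rw-------" ] || { echo "$f has mode $mode; expected -rw------- (chmod 600)" >&2; return 1; }
}

# Run both checks, then apply the "export ..." lines assume-role prints to the
# calling shell. Because of the eval this only helps when the file is sourced.
use_role() {
    check_credentials_file && check_role_profile "$1" || return 1
    eval "$(${ASSUME_ROLE_BIN:-assume-role} "$1")"
}

# Stand-alone run ("sh role-check.sh <profile>") performs the checks only; the
# exported variables would not survive the script, so source the file instead.
if [ $# -gt 0 ]; then
    check_credentials_file && check_role_profile "$1" \
        && echo "profile '$1' is ready for: eval \$(assume-role $1)"
fi
```

Source the file (`. ./role-check.sh`) and call `use_role <profile>` so the exported variables land in your interactive shell; a plain `sh role-check.sh <profile>` only reports whether the profile and the credentials file are in a usable state.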

These tools came in handy for me, and I hope you find them useful too.

