The other thing you’ll run into using IAM users in AWS CLI is that a lot of things don’t support SSO sessions anyway. If you configure an IAM user with an SSO session name as recommended you’ll get errors like this:
$ eb init -p python-3.8 eb-flask-app ERROR: InvalidConfigError - The profile "default" is configured to use SSO but is missing required configuration: sso_start_url, sso_region
$ terraform apply | Error: configuring Terraform AWS Provider: loading configuration: profile "default" is configured to use SSO but is missing required configuration: sso_region, sso_start_url
You can fix these by configuring without an SSO session:
$ aws configure sso SSO session name (Recommended): WARNING: Configuring using legacy format (e.g. without an SSO session). Consider re-running "configure sso" command and providing a session name. SSO start URL [None]: https://whatever.awsapps.com/start SSO region [None]: us-east-1 ...
You can also fix them by just editing your
~/.aws/config, and copying the
sso_region keys from the
[sso-session ...] section into the relevant user’s section, but that might be a hack too far!