AWS CLI Reference

Configure CLI SSO

What you'll need

1. Install AWS CLI
2. Our access portal url: https://d-9067ff8475.awsapps.com/start

Setup

1. Run aws configure sso
2. Enter the following properties:
   • Session name: (tip: choose an easy name as you may need to type it in CLI commands)
   • SSO start URL: access portal URL from above
   • SSO region: us-east-1
   • SSO registration scopes: leave default
3. After the browser authentication select:
   • AWS account
   • Role
   • Profile name (tip: choose an easy name as you may need to type it in CLI commands)
4. Get a list of all configured profiles by running aws configure list-profiles
5. Test the configured profile by running aws s3 ls --profile {profile name}

Additional info

• Detailed explanation about setting up the CLI SSO
• AWS CLI docs

---

Add user to group

Since we use SSO to manage users in AWS we cannot manage group membership from the AWS console, only from CLI

aws identitystore create-group-membership \
--identity-store-id d-9067ff8475 \
--group-id {group id} \
--member-id UserId={user id}

Remove user from group

aws identitystore delete-group-membership \
  --identity-store-id d-9067ff8475 \
  --membership-id "$(
    aws identitystore get-group-membership-id \
      --identity-store-id d-9067ff8475 \
      --group-id {group id} \
      --member-id UserId={user id} \
      --query MembershipId --output text
  )"

---

Open shell in an ECS task

This command allows opening a shell in a running ecs task instance. More info in the doc.

aws ecs execute-command --cluster backend `
    --task {task ARN} `
    --interactive `
    --command "/bin/sh" `
    --profile {sso profile name} `
    --region {cluster region}