Generate temporary AWS access tokens from an SSO login to the AWS console.
- permissions scoped to signin.aws.amazon.com/saml
- saml assertion expires after 5 minutes
- sts tokens expire after 1 hour
- tokens are not stored in the browser / extension
Increase your security posture by generating temporary AWS access tokens. Ideal for developers, engineers or users that require access to the AWS CLI, but want to protect themselves from device compromise.
Creating and storing permanent access tokens is prone to security issues. Leveraging an existing SSO/SAML login flow with your AWS account, you can avoid this pitfall, reduce key management, and maintain user attribution in AWS.