# aws
m
AWS SSO Q: Has anybody found a way to 'mass-sign-in' to multiple AWS SSO accounts? Our org has dozens of AWS accounts, and I wanted to login or have profiles for many of them. Right now, I have to pre-setup a profile for EACH account:
~/.aws/config
```
[profile account1.readonly]
sso_start_url = https://mycompanysso.awsapps.com/start/#/
sso_region = us-west-2
sso_account_id = 1111111111
sso_role_name = AWSReadOnly
region = us-east-1

[profile account2.readonly]
sso_start_url = https://mycompanysso.awsapps.com/start/#/
sso_region = us-west-2
sso_account_id = 2222222222
sso_role_name = AWSReadOnly
region = us-east-1
```
...
..then sign on to EVERY profile manually:
```
aws sso login --profile account1.readonly
# (opens my browser, I have to enter the 8-character code)
aws sso login --profile account2.readonly
# repeat for DOZENS of accounts!!!
```
There has to be a better way.
l
that does suck. though i thought you only had to login to a given sso instance (e.g. the `start_url`) once per session, then every sso profile that used that same endpoint would be available... no? i.e...
```
aws sso login --profile account1.readonly

aws s3 ls --profile account2.readonly
```
m
... I just tested it out, and YES you're right!! I just have to go through the whole rigamarole once, then I point to the profiles. The work is setting up the `~/.aws/config` file with all hundred accounts.role's I have. and my SSO login should work for the default 12 hours.
l
whew! it is a lot of setup for all the profiles, but at least once that's done, the login is only needed once per session!
there's some discussion about simplifying the sso config using "defaults" or some kind of "base" profile...
• https://github.com/aws/aws-cli/issues/5727
• https://github.com/aws/aws-cli/issues/4800
z
If you have a standard set of roles in each account, then you can easily write a script to generate the aws config. That's what I did