Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Login credentials provider

You can use your existing Amazon Management Console sign-in credentials to acquire short-term credentials that can be used for programmatic access. After you complete the browser-based authentication flow, Amazon generates temporary credentials that work across local development tools like the Amazon CLI, Amazon Tools for PowerShell and Amazon SDKs.

To generate these credentials, run the aws login command in the Amazon CLI, or the Invoke-AWSLogin cmdlet in Amazon Tools for PowerShell. The resulting short-term credentials will be cached locally, where they can be reused by the Amazon SDKs. The short-term credentials expire in 15 minutes, but the CLI and SDKs will automatically refresh them as needed up to 12 hours. When the refresh token expires, you'll be prompted to log in again via the CLI or PowerShell.

The login command will update the profile you specify with the login_session setting, which stores the identity of the management console session that you selected during the login workflow.

[profile console]
login_session = arn:aws:iam::0123456789012:user/username
region = us-west-2

By default, the short-term credentials and refresh token are stored in a JSON file in the ~/.aws/login/cache directory on Linux and macOS, or %USERPROFILE%\.aws\login\cache on Windows. The filename is based on the login session name. You can override the directory by setting the AWS_LOGIN_CACHE_DIRECTORY environment variable.

Login Provider Settings

Configure this functionality by using the following:

Support by Amazon SDKs and tools

The following SDKs support the features and settings described in this topic. Any partial exceptions are noted. Any JVM system property settings are supported by the Amazon SDK for Java and the Amazon SDK for Kotlin only.