Amazon IAM Identity Center credentials in Amazon Toolkit for Visual Studio
Amazon IAM Identity Center is the recommended best practice for managing your Amazon account authentication.
For detailed instructions on how to set up IAM Identity Center for Software Development Kits (SDKs) and the Amazon Toolkit for Visual Studio, see the IAM Identity Center authentication section of the Amazon SDKs and Tools Reference Guide.
Authenticating with IAM Identity Center from the Amazon Toolkit for Visual Studio
To authenticate with IAM Identity Center from the Amazon Toolkit for Visual Studio by adding an IAM Identity Center profile to your credentials
or config
file, complete the following steps.
-
From your preferred text editor, open the Amazon credentials information stored in the
<hone-directory>\.aws\credentials
file. -
From the
credentials file
under the section[default]
, add a template for a named IAM Identity Center profile. The following is an example template:Important
Do not use the word profile when creating an entry in the
credential
file because creates a conflict with thecredential
file naming conventions.Include the prefix word
profile_
only when configuring a named profile in theconfig
file.[
sso-user-1
] sso_start_url =https://example.com/start
sso_region =us-east-2
sso_account_id =123456789011
sso_role_name =readOnly
region =us-west-2
-
sso_start_url
: The URL that points to your organization's IAM Identity Center user portal. -
sso_region
: The Amazon Region that contains your IAM Identity Center portal host. This can be different from the Amazon Region specified later in the defaultregion
parameter. -
sso_account_id
: The Amazon account ID that contains the IAM role with the permission that you want to grant to this IAM Identity Center user. -
sso_role_name
: The name of the IAM role that defines the user's permissions when using this profile to get credentials through IAM Identity Center. -
region
: The default Amazon Region that this IAM Identity Center user signs into.
Note
You can also add an IAM Identity Center enabled profile to your Amazon CLI by running the aws
configure sso
command. After running this command, you provide values for the IAM Identity Center
start URL (sso_start_url
) and the Amazon Region (region
) that hosts
the IAM Identity Center directory.
For more information, see Configuring the Amazon CLI to use Amazon Single Sign-On in the Amazon Command Line Interface User Guide.
Signing in with IAM Identity Center
When signing in with an IAM Identity Center profile, the default browser is launched to the sso_start_url
specified in your credential file
. You must verify your IAM Identity Center login before you can access your Amazon resources in
Amazon Toolkit for Visual Studio. If your credentials expire, you'll have to repeat the connection process to
obtain new temporary credentials.