AWS Command Line Interface adds PKCE-based authorization for single sign-on
The AWS Command Line Interface (AWS CLI) v2 now supports OAuth 2.0 authorization code flows using the Proof Key for Code Exchange (PKCE) standard. This provides a simple and safe way to retrieve credentials for AWS CLI commands.
The AWS CLI is a unified tool that enables you to control multiple AWS services from the command line and to automate them through scripts. AWS CLI v2 offers integration with AWS IAM Identity Center, the recommended service for managing workforce access to AWS applications and multiple AWS accounts. The authorization code flow with PKCE is the recommended best practice for access to AWS resources from desktops and mobile devices with web browsers. It is now the default behavior when running the aws sso login or aws configure sso commands.
To learn more, see Configuring IAM Identity Center authentication with the AWS CLI in the AWS CLI User Guide. Share your questions, comments, and issues with us on GitHub. AWS IAM Identity Center is available at no additional cost in AWS Regions.