Setup AWS SSO CLI & API Access

In my last article, I discussed the steps to setup AWS SSO through Azure AD. By using Azure AD app roles, we are able to use our Azure AD accounts to access AWS Console. But with this measure, you will find there is no option in AWS IAM to generate Access Key and Secrete for CLI and API access. Fortunately, we are not the only ones out there have this problem. David T Johnson faced the same issue and he is kind and smart enough (unlike me) to create a tool to address this issue. The tool source code can be found on Github https://github.com/dtjohnson/aws-azure-login The tool is written in Node.Js. So if you don't have Node, the first thing will be to install Node from https://nodejs.org/en/ . After that simply follow the installation instructions to get the tool going. The example show here is tested from Windows 10. Before start, log into Azure portal to get Azure Tenant ID and the AWS SSO App ID. The tenant ID can be found in Properties section of Azure A