AWS Identity Center Credential Manager

Quickly refresh your local AWS CLI credentials from IAM Identity Center (SSO) with one click.

Tired of manually copying temporary credentials from the AWS SSO portal into your ~/.aws/credentials file every time they expire? AWS Identity Center Credential Manager automates the entire process. WHAT IT DOES This extension connects to your AWS IAM Identity Center (formerly AWS SSO) portal, discovers every account and role available to you, and writes fresh temporary credentials directly to your local ~/.aws/credentials file — all in a single click. HOW TO USE IT 1. Start the companion server on your machine (see Prerequisites below). 2. Log in to your AWS SSO portal in Chrome (e.g. https://yourorg.awsapps.com/start). 3. Click the extension icon. Your accounts and roles appear automatically. 4. Choose which roles to include using the checkboxes (or use "Select all"). 5. Optionally customize the profile alias for each role — this is the [profile] name that gets written to ~/.aws/credentials. Hover the ⓘ icon on any row for details. 6. Click "Refresh Credentials." Done. 7. Verify with: aws sts get-caller-identity --profile your-alias FEATURES • Automatic discovery of all accounts and roles from your SSO portal • Select all / deselect all with a single checkbox • Per-role enable/disable — only refresh the credentials you need • Custom profile aliases — control exactly how each profile appears in ~/.aws/credentials • Inline help tooltips explaining what each field does • Collapsible account sections to keep things organized • Preserves any existing profiles in ~/.aws/credentials that aren't managed by the extension • Clear success and error feedback after every refresh PREREQUISITES This extension works together with a lightweight companion server that runs locally and handles writing to your ~/.aws/credentials file. The easiest way to run it is with Docker: docker run -d -p 50173:80 -v ~/.aws:/app/aws --name aws-credential-manager --restart unless-stopped cbekmezian/aws-credential-manager:latest Alternatively, use the docker-compose.yml included in the project repository. PERMISSIONS • Tabs — to detect when you're on your AWS SSO portal • Cookies — to read your SSO session token for authentication • Host access (*.awsapps.com) — to communicate with the AWS SSO portal LINKS Source code, issues, and documentation: https://github.com/rad12000/aws-identity-center-credential-manager