Replies: 1 comment 1 reply
-
|
You can get this without calling STS every time. For SSO profiles, AWS CLI caches the SSO access token locally under: ~/.aws/sso/cache/ Those cache files are JSON and include an Example (bash) to print the soonest-expiring SSO token expiry: ls -1 ~/.aws/sso/cache/.json >/dev/null 2>&1 && If you also want the “who am I” ARN without the 2–3s STS call, there is no built-in environment variable that AWS CLI exports (like AWS_SSO_ARN) because the caller identity is not derived purely from the local token; it’s resolved by AWS services (STS). Practical prompt approach: Use AWS_PROFILE (or AWS_DEFAULT_PROFILE) to show which profile is selected, and use the local SSO cache export AWS_PROFILE=my-sso-profile Then in your prompt:
If you need ARN, the only authoritative method is an API call like Summary:
|
Beta Was this translation helpful? Give feedback.
-
|
Thanks! If this helps, please consider marking it as “Helpful” or “Accepted” 😊 |
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
-
Been trying to figure out how to get the current creds used on my terminal window. So that I can place that in my PROMPT. I am able to run
aws sts get-caller-identitybut that can take up to3 secondsto run ( that is a long pause between terminal prompts ).Before we used sso, I could just look at
AWS_PROFILEvariable to tell what that was being used. Is there a way to get this information? Or can the cli addAWS_SSO_ARNandAWS_SSO_EXPIRATION( with timestamp of when it expires )?Beta Was this translation helpful? Give feedback.
All reactions