Simplified developer access to AWS with ‘aws login’
Security Blog
This article introduces the new `aws login` command in AWS CLI, which simplifies developer access to AWS by eliminating the need for long-term access keys.
- New `aws login` command provides temporary credentials using AWS Management Console sign-in method
- Works with IAM credentials, federated sign-in, and supports multiple AWS accounts via profiles
- Temporary credentials auto-rotate every 15 minutes, valid up to 12 hours maximum
- Compatible with AWS SDKs, AWS Tools for PowerShell, and remote development servers
- Access controlled via IAM actions: signin:AuthorizeOAuth2Access and signin:CreateOAuth2Token
- Uses OAuth 2.0 with PKCE for secure authorization code flow protection
- Activity logged in CloudTrail with two new event types: AuthorizeOAuth2Access and CreateOAuth2Token
- Available across all AWS commercial regions at no additional cost
The `aws login` command provides a secure alternative to static access keys for local development, enabling developers to start building immediately after AWS signup.
The AWS News Feed is currently looking for gold sponsors. If you want to support the AWS community and reach a large audience of AWS professionals, consider sponsoring the AWS News Feed.
Related articles
Nov 19
2025
2025
AWS enables developers to use console credentials for AWS CLI and SDK authentication
Oct 15
2024
2024
AWS access portal now offers streamlined sign in for AWS Console Mobile App
Jul 21
2025
2025
Beyond IAM access keys: Modern authentication approaches for AWS
Oct 7
2024
2024
Sign-in to AWS Console Mobile Application with an AWS Access Portal or third-party IdP URL
The AWS News Feed is currently looking for silver sponsors. If you want to support the AWS community and reach a large audience of AWS professionals, consider sponsoring the AWS News Feed.