From d963d4c22c1e964674c7f920889e6b80113387f5 Mon Sep 17 00:00:00 2001 From: Alex Shovlin Date: Tue, 17 Mar 2026 16:52:19 -0400 Subject: [PATCH 1/3] Add tip that suggests 'aws login' during 'aws configure' for new profiles --- .../enhancement-configure-2863.json | 5 +++ awscli/customizations/configure/configure.py | 24 ++++++++++--- awscli/customizations/login/login.py | 1 + awscli/examples/configure/_description.rst | 4 +++ awscli/examples/login/_examples.rst | 35 +++++++++++++++++++ 5 files changed, 65 insertions(+), 4 deletions(-) create mode 100644 .changes/next-release/enhancement-configure-2863.json create mode 100644 awscli/examples/login/_examples.rst diff --git a/.changes/next-release/enhancement-configure-2863.json b/.changes/next-release/enhancement-configure-2863.json new file mode 100644 index 000000000000..6f599fe3227f --- /dev/null +++ b/.changes/next-release/enhancement-configure-2863.json @@ -0,0 +1,5 @@ +{ + "type": "enhancement", + "category": "``configure``", + "description": "Add tip that suggests ``aws login`` during ``aws configure`` for new profiles" +} diff --git a/awscli/customizations/configure/configure.py b/awscli/customizations/configure/configure.py index 9160a09b5abe..cb67f6c4f6f0 100644 --- a/awscli/customizations/configure/configure.py +++ b/awscli/customizations/configure/configure.py @@ -68,6 +68,8 @@ class ConfigureCommand(BasicCommand): 'To create a new configuration::\n' '\n' ' $ aws configure\n' + ' Tip: You can now deliver temporary credentials to the AWS CLI\n' + ' using your AWS Console session. Simply run \'aws login\'.\n\n' ' AWS Access Key ID [None]: accesskey\n' ' AWS Secret Access Key [None]: secretkey\n' ' Default region name [None]: us-west-2\n' @@ -127,9 +129,11 @@ def _should_prompt_for_session_token(self, new_values, config): new_access_key = new_values.get('aws_access_key_id') if new_access_key and not self._needs_session_token(new_values): return False - + # Prompt if needed for temporary credentials or if already exists - return self._needs_session_token(new_values) or config.get('aws_session_token') + return self._needs_session_token(new_values) or config.get( + 'aws_session_token' + ) def _run_main(self, parsed_args, parsed_globals): # Called when invoked with no args "aws configure" @@ -142,10 +146,22 @@ def _run_main(self, parsed_args, parsed_globals): except ProfileNotFound: config = {} + if not config: + sys.stdout.write( + '\nTip: You can now deliver temporary credentials' + ' to the AWS CLI using your AWS Console session.' + ' Simply run \'aws login\'.\n\n' + ) + for config_name, prompt_text in self.VALUES_TO_PROMPT: - if config_name == 'aws_session_token' and not self._should_prompt_for_session_token(new_values, config): + if ( + config_name == 'aws_session_token' + and not self._should_prompt_for_session_token( + new_values, config + ) + ): continue - + current_value = config.get(config_name) new_value = self._prompter.get_value( current_value, config_name, prompt_text diff --git a/awscli/customizations/login/login.py b/awscli/customizations/login/login.py index f102ab2ae795..9a1695b16f8e 100644 --- a/awscli/customizations/login/login.py +++ b/awscli/customizations/login/login.py @@ -50,6 +50,7 @@ class LoginCommand(BasicCommand): 'temporary credentials with the ``AWS_LOGIN_CACHE_DIRECTORY`` ' 'environment variable.' ) + EXAMPLES = BasicCommand.FROM_FILE() ARG_TABLE = [ { 'name': 'remote', diff --git a/awscli/examples/configure/_description.rst b/awscli/examples/configure/_description.rst index 9b7e9b3c59b9..f0448e8467a1 100644 --- a/awscli/examples/configure/_description.rst +++ b/awscli/examples/configure/_description.rst @@ -10,6 +10,10 @@ When you are prompted for information, the current value will be displayed in config file. It does not use any configuration values from environment variables or the IAM role. +Tip: You can now deliver temporary credentials to the AWS CLI using your AWS +Console session. Simply run ``aws login``. For more information, see +`Login for AWS local development using console credentials `__. + Note: the values you provide for the AWS Access Key ID and the AWS Secret Access Key will be written to the shared credentials file (``~/.aws/credentials``). diff --git a/awscli/examples/login/_examples.rst b/awscli/examples/login/_examples.rst new file mode 100644 index 000000000000..df44ea4e91b5 --- /dev/null +++ b/awscli/examples/login/_examples.rst @@ -0,0 +1,35 @@ +**Example 1: To login with default parameters** + +The following ``login`` example authenticates the CLI using your AWS Console session. A browser window opens automatically to complete the sign-in. :: + + aws login + +Output:: + + Attempting to open your default browser. + If the browser does not open, open the following URL: + + https://signin.aws.amazon.com/... + + Updated profile default to use arn:aws:sts::123456789012:assumed-role/my-role/my-session-name credentials. + +For more information, see `Login for AWS local development using console credentials `__ in the *AWS CLI User Guide*. + +**Example 2: To login from a remote host** + +The following ``login`` example uses the ``--remote`` option to authenticate from a host where a browser is not available, such as over SSH. You visit the provided URL on another device and paste the authorization code back into the CLI. :: + + aws login --remote + +Output:: + + Browser will not be automatically opened. + Please visit the following URL: + + https://signin.aws.amazon.com/... + + Enter the authorization code displayed in your browser: XXXX + + Updated profile default to use arn:aws:sts::123456789012:assumed-role/my-role/my-session-name credentials. + +For more information, see `Login for AWS local development using console credentials `__ in the *AWS CLI User Guide*. From d6ce6d79de7665d08e813b0f1c4295373239778f Mon Sep 17 00:00:00 2001 From: Alex Shovlin Date: Tue, 17 Mar 2026 17:36:38 -0400 Subject: [PATCH 2/3] Fix test for 'aws login' --- tests/functional/docs/test_examples.py | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/tests/functional/docs/test_examples.py b/tests/functional/docs/test_examples.py index 5a06042f5261..46f4eaa3c92b 100644 --- a/tests/functional/docs/test_examples.py +++ b/tests/functional/docs/test_examples.py @@ -283,6 +283,10 @@ def _parse_service_operation(self, command, filename): # We know the service is good. Parse the operation. cmd = self._service_command_table[parsed_args.command] cmd_table = cmd.create_help_command().command_table + if ( + not cmd_table + ): # skip top-level commands without subcommands like 'aws login' + return service_parser = ServiceArgParser( operations_table=cmd_table, service_name=parsed_args.command ) From 8f69913f5f70eb2b1bb0be609f0ed8c687e2ce46 Mon Sep 17 00:00:00 2001 From: Alex Shovlin Date: Wed, 18 Mar 2026 17:03:24 -0400 Subject: [PATCH 3/3] Update awscli/examples/configure/_description.rst Co-authored-by: Kenneth Daily --- awscli/examples/configure/_description.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/awscli/examples/configure/_description.rst b/awscli/examples/configure/_description.rst index f0448e8467a1..f2a8dec9d339 100644 --- a/awscli/examples/configure/_description.rst +++ b/awscli/examples/configure/_description.rst @@ -10,8 +10,8 @@ When you are prompted for information, the current value will be displayed in config file. It does not use any configuration values from environment variables or the IAM role. -Tip: You can now deliver temporary credentials to the AWS CLI using your AWS -Console session. Simply run ``aws login``. For more information, see +Tip: You can deliver temporary credentials to the AWS CLI using your AWS +Console session by running the command ``aws login``. For more information, see `Login for AWS local development using console credentials `__. Note: the values you provide for the AWS Access Key ID and the AWS Secret