I’ve completely adopted the use of CDK for my IaC of choice. I’ve demoed Pulumi and while I like the visualization and my proof of concept was fun…At the end of the day I’m only using AWS. So I’m going to stay in that eco system. In the future I might adopt Pulumi or some other dev centric IaC if I end up doing a lot of multi-cloud stuff, but for now I decided to keep it simple. With that out the way, I’ve noticed a few oddities when leveraging CDK via SSO, or any other cli tooling that relies on the AWS profiles config and credentials.

This post will be short, sweet, and to the point. I’m going to introduce you to an open source project called YAWSSO that hopefully might alleviate some issues that some of you might have had along the way.


Using any form of SSO (Okta, AWS SSO, Google Cloud, etc.) through the cli shouldn’t be tricky. It’s a bit annoying that whatever tooling I’m using in tandem with AWS SSO complains that it can’t find my profiles. I configured profiles, I authenticated via mfa, what more do you want? Well I struggled a little while before stumbling into this project here.

The repo is public and the project has served me well. This blog post is really to just shine a light on that tool as it’s documented enough. It’s helped me with all of the below tooling:

cdk deploy ...
terraform apply ...
cw ls -p dev groups
awsbw -L -P dev
sqsmover -s main-dlq -d main-queue
ecs-cli ps --cluster my-cluster

This should keep your profiles synced and all should be well.

As always, thanks for reading!

- FIN - Christopher L Medina Solutions Architect - Masterthe.Cloud