fizz.today

Four AWS orgs, one command, skip the ones that are still valid

I work across four AWS organizations — a SaaS product, an ML inference company, a GovCloud partition, and a personal account. Every morning I ran aws sso login four times, opened four browser tabs, clicked through four approvals. By afternoon when one expired, I had to remember which one.

Named SSO sessions in ~/.aws/config help. Instead of putting sso_start_url in every profile, you define the session once and reference it:

[sso-session fizz@ramparts]
sso_start_url = https://ramparts.awsapps.com/start
sso_region = us-east-1
sso_registration_scopes = sso:account:access

[profile ramparts-devops]
sso_session = fizz@ramparts
sso_account_id = 012345678901
sso_role_name = AWSAdministratorAccess
region = us-east-1

Every profile that references fizz@ramparts shares the login — one browser tab covers the whole org. The named session is also what gives sso-login-all a handle to target each org without knowing which profiles exist under it.

sso-login-all parses your config for [sso-session] blocks, checks ~/.aws/sso/cache/ for a valid token matching that session’s start URL, and skips it if the token hasn’t expired.

$ sso-login-all
✓ fizz@ramparts
→ fizz@ferkakta
✓ ramparts-govcloud
✓ fizz@fdsapro
Done. 1 logged in, 3 skipped.

One expired, three still valid, one browser tab instead of four.
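The skip decision described above, as an added Python example (not the code from github.com/fizz/sso-login-all). It assumes each file in the cache directory is JSON with startUrl, accessToken and expiresAt fields; the function names, the margin parameter, the demo@expired session and its URL are constructed for illustration.

```python
import configparser, json, tempfile
from datetime import datetime, timedelta, timezone
from pathlib import Path

def sso_sessions(config_text):
    """Map each [sso-session NAME] block to its sso_start_url."""
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.read_string(config_text)
    return {s.partition(" ")[2].strip(): cp[s]["sso_start_url"]
            for s in cp.sections()
            if s.startswith("sso-session ") and "sso_start_url" in cp[s]}

def parse_expiry(value):
    # Assumption: expiresAt is ISO 8601 ending in "Z" (or "UTC" in older caches).
    dt = datetime.fromisoformat(value.replace("UTC", "+00:00").replace("Z", "+00:00"))
    return dt if dt.tzinfo else dt.replace(tzinfo=timezone.utc)

def has_valid_token(cache_dir, start_url, now, margin=timedelta(0)):
    for path in Path(cache_dir).glob("*.json"):
        try:
            entry = json.loads(path.read_text())
            # Entries without a matching startUrl and an accessToken are ignored.
            if (entry.get("startUrl") == start_url and entry.get("accessToken")
                    and parse_expiry(entry["expiresAt"]) - margin > now):
                return True
        except (OSError, ValueError, KeyError, TypeError, AttributeError):
            continue  # unreadable or malformed entry counts as "no token"
    return False

def plan(config_text, cache_dir, now, margin=timedelta(0)):
    """Return {session: "skip" | "login"}; token values are never returned."""
    return {name: "skip" if has_valid_token(cache_dir, url, now, margin) else "login"
            for name, url in sso_sessions(config_text).items()}

# Constructed sample input: demo@expired and its URL are placeholders.
SAMPLE_CONFIG = """\
[sso-session fizz@ramparts]
sso_start_url = https://ramparts.awsapps.com/start
[sso-session demo@expired]
sso_start_url = https://expired.example/start
"""

def demo(now=datetime(2025, 1, 1, 15, 0, tzinfo=timezone.utc)):
    cache = {"https://ramparts.awsapps.com/start": "2025-01-01T20:00:00Z",
             "https://expired.example/start": "2025-01-01T09:00:00UTC"}
    with tempfile.TemporaryDirectory() as d:
        for i, (url, exp) in enumerate(cache.items()):
            Path(d, f"{i}.json").write_text(json.dumps(
                {"startUrl": url, "accessToken": "constructed", "expiresAt": exp}))
        return plan(SAMPLE_CONFIG, d, now)
```

A non-zero margin makes a token that is about to expire count as expired, so a login is not skipped minutes before the token lapses.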

github.com/fizz/sso-login-all

#aws #sso #cli #platformengineering