Assume

Getting started

Your first AWS session

There are two ways in: connect an AWS SSO portal and inherit everything at once, or create a single session from IAM credentials.

Option A — AWS SSO (recommended)

  1. 01Add an AWS Single Sign-On integration with your portal URL and region.
  2. 02Sign in when the browser opens — the OIDC device flow means no secrets ever touch Assume.
  3. 03Sync. Every account and permission set you can reach appears in the session list.
  4. 04Click a session to start it. The dot turns teal; credentials exist.

Option B — IAM credentials

  1. 01Create a new AWS IAM User session and paste the access key pair. It's encrypted immediately and never stored in plaintext.
  2. 02Need a role? Create an IAM Role Federated or IAM Role Chained session on top — Assume walks the STS hops each time you start it.
  3. 03Start the session.

Use it

A running session writes temporary credentials to the named profile you chose, so every AWS tool just works. Stop the session and they're revoked from your machine.

Terminal
aws sts get-caller-identity
aws s3 ls