That is one convoluted solution. Easier:

Federate users to AWS using SAML https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_pr...

This is murder to do for the command line. IAM users are the right choice for CLI.

edit: apparently aws sso assists here!

For interactive CLI use (that is: a person sitting at a computer), SSO is directly supported. `aws sso login` pops up the web browser, starts the SSO login flow, and temporary credentials are issued for the CLI. It has been working pretty neatly for us.

This doesn't work if you use OneLogin with IdP-initiated login (and multiple accounts).

Which sucks. We've had to write our own tooling, and you even need to use an extension like this[1] :(

1. https://chrome.google.com/webstore/detail/saml-to-aws-sts-ke...
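The browser extension and saml2aws mentioned in this thread both rely on the same core step: pull the role/provider ARN pairs out of the IdP's SAMLResponse, then hand the assertion to STS for temporary keys. The following is an added example (not code from the thread, the extension, or saml2aws) that does the parsing and builds the `assume_role_with_saml` arguments; the sample assertion, account IDs and role names are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
ROLE_ATTR = "https://aws.amazon.com/SAML/Attributes/Role"

# Constructed sample SAMLResponse (not a real IdP assertion): two accounts, one
# role each, with the role/provider order deliberately varying between values.
SAMPLE_XML = b"""<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><saml:Assertion>
<saml:AttributeStatement>
<saml:Attribute Name="https://aws.amazon.com/SAML/Attributes/Role">
<saml:AttributeValue>arn:aws:iam::111111111111:role/Developer,arn:aws:iam::111111111111:saml-provider/OneLogin</saml:AttributeValue>
<saml:AttributeValue>arn:aws:iam::222222222222:saml-provider/OneLogin,arn:aws:iam::222222222222:role/ReadOnly</saml:AttributeValue>
</saml:Attribute></saml:AttributeStatement></saml:Assertion></samlp:Response>"""
SAMPLE_B64 = base64.b64encode(SAMPLE_XML).decode()

def extract_aws_roles(saml_response_b64):
    """Return (role_arn, provider_arn) pairs from a base64-encoded SAMLResponse."""
    # xml.etree does not fetch external entities; use defusedxml for extra hardening.
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    pairs = []
    for attr in root.iterfind(".//saml:Attribute", NS):
        if attr.get("Name") != ROLE_ATTR:
            continue
        for val in attr.iterfind("saml:AttributeValue", NS):
            parts = [p.strip() for p in (val.text or "").split(",")]
            # AWS accepts either order in the pair; normalise to (role, provider).
            role = next((p for p in parts if ":role/" in p), None)
            provider = next((p for p in parts if ":saml-provider/" in p), None)
            if len(parts) != 2 or role is None or provider is None:
                raise ValueError(f"malformed Role attribute value: {val.text!r}")
            pairs.append((role, provider))
    return pairs

def assume_role_params(role_arn, provider_arn, saml_response_b64, duration=3600):
    """Keyword arguments for boto3's sts.assume_role_with_saml(); the network
    call itself is left to the caller so this module runs offline."""
    return {"RoleArn": role_arn, "PrincipalArn": provider_arn,
            "SAMLAssertion": saml_response_b64, "DurationSeconds": duration}

if __name__ == "__main__":
    for role, provider in extract_aws_roles(SAMPLE_B64):
        print(role, "via", provider)
```

With a real response, pick one pair per account and pass `assume_role_params(...)` to `boto3.client("sts").assume_role_with_saml(**params)`; the returned credentials are short-lived, which is the whole point of federation over long-lived IAM user keys.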

Have you considered saml2aws[0]?

[0] https://github.com/Versent/saml2aws