I have SSO configured for my AWS organizational accounts. Have created two accounts(one is dev and the other is prod). How do i restrict AWS CLI Access for my prod accounts SSO users. Tried looking up in their documentation, but couldn't find any.
Can someone help me?
The AWS Command-Line Interface (CLI) can be configured to connect via SSO and assume an IAM Role. It can then be used to make API calls according to the permissions in the chosen IAM Role.
It is not possible to 'restrict' the AWS CLI. Instead, you would restrict the permissions in the IAM Role that is being used.
See: Configuring the AWS CLI to use AWS Single Sign-On - AWS Command Line Interface