Recently I was setting up a new computer which involved configuring the AWS CLI to use IAM Identity Center (formerly AWS SSO) to access my accounts. Normally this is a prety straight forward proposition. After running aws configure sso
command you need to provide four pieces of information:
Session Name
Start URL
Region
Registration Scopes
AWS then authenticates you, you select your account, answer some more questions and it's done.
This time I keep getting an invalid_grant error after I authenticated myself.
The problem and solution turned out to be really simple. I selected the wrong region for IAM Identity Center. In my defence I mostly work with IAM Identity Center in my closest region but this was an older account and it was setup in a different region. Once I had the correct region everything worked correctly.