Right now it's not supported, we support profiles for AWS or normal flags/env.

Could you describe a bit more you usecase so we could check and potentially add it?

@xescugc
Hi, I have same issue.

In my profile, it looks like,

[profile xxx-prod]
sso_start_url = https://xxx.awsapps.com/start
sso_region = ap-northeast-2
sso_account_id = xxxx
sso_role_name = xxxx-role
region = ap-northeast-2

and I log in using aws sso login --profile xxx command.

after logged in,
we don't need to use access key and secret key. so these should be optional.

This PR #295 should fix the issue ideally :).

and you need to remove required option.

$ terracognita aws --aws-profile xxx --hcl . 
Error: the flag "access-key" is required

Did you build it from the PR? Because it's not yet merged.

I built it from your branch (fg-282) and had the same issue.

The issue more in general is that the tool is requiring access key and secret key, that don't fit advanced authentication models such as SSO and ADFS.
In case you use the mentioned authentication methods, the access key and secret key are generated on the fly and stored in the .aws directory, and the aws sdk should be able to work out using the information supplied in the profile to perform the login. So I think you could remove the requirement for those 2 parameters, at least if the user is providing a profile name.

Much needed for saml based authentication as well.