[FEATURE] Interactive awsAuthRefresh
Preflight Checklist
- [x] I have searched existing requests and this feature hasn't been requested yet
- [x] This is a single feature request (not multiple features)
Problem Statement
In enterprise environments, device code-based web login for AWS authentication is often blocked by corporate security policies. Tools like gimme-aws-creds can fallback to interactive authentication methods (password + MFA via mobile push, SMS, etc.) when device code auth is unavailable.
Currently, when AWS credentials expire during a Claude Code session, users must:
- Press Ctrl+C twice to quit Claude Code
- Run authentication tool separately (e.g., gimme-aws-creds) to refresh credentials
- Restart Claude Code
- Use /resume to continue their work
This workflow disrupts developer productivity and creates unnecessary friction for enterprise developers using AWS Bedrock.
Proposed Solution
Add support for interactive AWS credential refresh within Claude Code, similar to how tools like gimme-aws-creds handle authentication fallbacks.
Desired Behavior
When AWS credentials expire or are invalid:
- Claude Code detects the authentication error
- Prompts the user: “AWS credentials have expired. Would you like to refresh them now? (y/n)”
- If yes, launches the configured authentication flow interactively
- Allows user to complete authentication (password entry, MFA approval, etc.)
- Automatically resumes the previous task once credentials are refreshed
Alternative Solutions
_No response_
Priority
Medium - Would be very helpful
Feature Category
Configuration and settings
Use Case Example
- Enterprise developers using AWS Bedrock with SSO/SAML authentication
- Teams with MFA requirements (Duo push, Okta, etc.)
- Organizations that disable device code authentication flows
- Developers working on long-running tasks that span credential expiration windows
Additional Context
Common enterprise authentication tools that require interactive flows:
- gimme-aws-creds
- saml2aws
This feature would make Claude Code more viable for enterprise adoption where security policies restrict certain authentication methods.
This issue has 5 comments on GitHub. Read the full discussion on GitHub ↗