Storing Amazon access keys on developer and administrator workstations presents security challenges because these keys are long lived, unencrypted, and relatively difficult to rotate and manage. Technology Services has developed awscli-login, a user-friendly open source plugin for the AWS Command Line Interface, to help address this issue. It allows users to securely generate and automatically rotate short-lived Amazon access keys using their personal Shibboleth and Duo credentials. These short-lived credentials can be used to access the Amazon API and command line tools such as Terraform without having to store any long-lived credentials. We will discuss the overall architecture, the plugin’s user-friendly feature set, and provide a live demo.