Recently I was setting up a new computer which involved configuring the AWS CLI to use IAM Identity Center (formerly AWS SSO) to access my accounts. Normally this is a prety straight forward proposition. After running aws configure sso command you need to provide four pieces of information:

• Session Name

• Start URL

• Region

• Registration Scopes

AWS then authenticates you, you select your account, answer some more questions and it's done.

This time I keep getting an invalid_grant error after I authenticated myself.

The problem and solution turned out to be really simple. I selected the wrong region for IAM Identity Center. In my defence I mostly work with IAM Identity Center in my closest region but this was an older account and it was setup in a different region. Once I had the correct region everything worked correctly.