by flyt 1437 days ago
AWS best practice is to use AWS SSO, which accomplishes this same effect but without any long-lived local credentials. It works really well.
1 comments

Depending on your IdP, there are a few tools in addition to AWS CLI v2 that work well in this space.

aws-vault is one of them, though out of support now, aws-okta [1] is another.

[1] https://github.com/segmentio/aws-okta

Used to use that a few years ago and it worked pretty well--you can also set it as a credential helper in your AWS config.

Just an FYI: it's no longer supported, and it looks like the fork has gone stagnant, too.