AWS Java SDK not finding profile when using AWS SSO
Master System Design with Codemia
Enhance your system design skills with over 120 practice problems, detailed solutions, and hands-on exercises.
Introduction
When the AWS Java SDK cannot find or use an AWS SSO profile, the problem is usually one of four things: the code is using the wrong profile name, the application is using an SDK version or modules that do not support IAM Identity Center credentials properly, the SSO login session was never established, or the program is not reading the shared AWS config profile you expected. The fix is to make the profile explicit, use the Java SDK v2 credential providers, and confirm the CLI SSO login completed before the SDK runs.
Understand Where SSO Profiles Live
AWS SSO profiles are typically stored in ~/.aws/config, not just in ~/.aws/credentials. A profile might look like this:
If your code asks for my-profile but the config defines my-sso, the SDK is not going to guess your intent.
Use the AWS SDK for Java 2.x
Modern SSO profile support belongs in the Java SDK v2 credential chain. A straightforward client setup looks like this:
This is clearer than depending on whatever happens to be the current default profile.
Make Sure the SSO Session Exists
The SDK cannot use an SSO profile until you have logged in through the AWS CLI.
If the cached SSO token is missing or expired, the SDK may fail with a profile or credential-loading error even though the config file looks correct.
Let the Default Chain Use the Right Profile
If you do not want to hard-code the profile name, set it through environment or system properties.
Or with Java:
Then the default credentials provider chain can resolve that profile.
Check Your Dependencies
For SSO-backed profiles in SDK v2, make sure the relevant auth modules are on the classpath. In practice that usually means your build includes the normal SDK auth pieces and the SSO support modules alongside the service client you are using.
If you are still on SDK v1, this is often the real reason the profile is “not found.” The old profile providers were built around static keys and role-based profiles, not today’s IAM Identity Center flow.
Troubleshoot the Actual Failure Mode
A few checks isolate the problem quickly:
- verify the profile name in code matches the config file exactly
- run
aws sso login --profile my-sso - confirm the app uses Java SDK v2 credentials support
- set
AWS_PROFILEor useProfileCredentialsProvider.create("my-sso") - inspect whether the process is running under a different home directory than you expected
The last point matters in containers and CI, where ~/.aws/config may not exist at all.
Common Pitfalls
- Using an SSO profile name in code that does not match the config file.
- Expecting
~/.aws/credentialsalone to contain all SSO configuration. - Forgetting to run
aws sso loginbefore launching the Java application. - Using older SDK patterns that do not support IAM Identity Center credentials properly.
- Debugging the Java code first when the real issue is a missing or expired CLI SSO session.
Summary
- AWS SSO profiles are usually defined in the shared AWS config file.
- Use AWS SDK for Java 2.x credential providers for SSO-backed profiles.
- Log in first with
aws sso login --profile .... - Make the profile explicit with
ProfileCredentialsProvider,AWS_PROFILE, oraws.profile. - If the app still cannot load the profile, check the runtime home directory and SDK dependencies next.

