After further investigation, it appears to be looking for the SSO cached creds in the wrong file. (e.g. ...\.aws\sso\cache\8c949bbb2b27179c4e6e5d24c11b8bb3ada23a2a.json ). However, that file doesn't exist. When I manually create that file, all works fine. Any idea where it's getting the name of the cache file from?