Support for AWS SSO was added in AWS SDK for Go v1.37.0 (Release Release v1.37.0 · aws/aws-sdk-go · GitHub), but rclone does not recognize SSO credentials. The environment variable AWS_PROFILE has been set and the AWS CLI is able to use SSO credentials, but rclone throws an error.
I found a similar forum that concluded once support for SSO was added to the AWS SDK for Go, rclone should be able to use SSO credentials, but this doesn't seem to be the case.
rclone v1.56.0-beta.5405.6366d3dfc - os/version: Microsoft Windows 10 Enterprise 2009 (64 bit) - os/kernel: 10.0.19042.804 (x86_64) - os/type: windows - os/arch: amd64 - go/version: go1.16.3 - go/linking: dynamic - go/tags: cmount
Windows 10, 64 bit
rclone ls s3: -vv
[s3] type = s3 env_auth = true region = us-east-1 storage_class = GLACIER provider = AWS
C:\Users\User>rclone ls s3: -vv 2021/04/15 13:25:06 DEBUG : Using config file from "C:\\Users\\User\\.config\\rclone\\rclone.conf" 2021/04/15 13:25:06 DEBUG : rclone: Version "v1.56.0-beta.5405.6366d3dfc" starting with parameters ["rclone" "ls" "s3:" "-vv"] 2021/04/15 13:25:06 DEBUG : Creating backend with remote "s3:" panic: runtime error: invalid memory address or nil pointer dereference [signal 0xc0000005 code=0x0 addr=0x18 pc=0x12e0429] goroutine 66 [running]: github.com/aws/aws-sdk-go/aws/credentials/stscreds.(*WebIdentityRoleProvider).RetrieveWithContext(0xc000170c60, 0x2179be8, 0xc00003c050, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ...) firstname.lastname@example.org/aws/credentials/stscreds/web_identity_provider.go:111 +0x69 github.com/aws/aws-sdk-go/aws/credentials/stscreds.(*WebIdentityRoleProvider).Retrieve(0xc000170c60, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2bd98cd8, ...) email@example.com/aws/credentials/stscreds/web_identity_provider.go:104 +0x9d github.com/aws/aws-sdk-go/aws/credentials.(*ChainProvider).Retrieve(0xc0007c0ff0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ...) firstname.lastname@example.org/aws/credentials/chain_provider.go:75 +0x10b github.com/aws/aws-sdk-go/aws/credentials.(*Credentials).singleRetrieve(0xc00025b300, 0x2179e18, 0xc000502200, 0x0, 0x0, 0x0, 0x0) email@example.com/aws/credentials/credentials.go:279 +0x562 github.com/aws/aws-sdk-go/aws/credentials.(*Credentials).GetWithContext.func1(0x0, 0x0, 0x0, 0x0) firstname.lastname@example.org/aws/credentials/credentials.go:255 +0x91 github.com/aws/aws-sdk-go/internal/sync/singleflight.(*Group).doCall(0xc00025b300, 0xc00004c960, 0x0, 0x0, 0xc00007afc0) email@example.com/internal/sync/singleflight/singleflight.go:97 +0x35 created by github.com/aws/aws-sdk-go/internal/sync/singleflight.(*Group).DoChan firstname.lastname@example.org/internal/sync/singleflight/singleflight.go:90 +0x2cc