Run this on a schedule to keep your aws sso login refreshed with minimal disruption.

aws-sso-refresh.sh

#!/usr/bin/env bash
# -*- coding: utf-8 -*-
# Create log directory if it doesn't exist
mkdir -p "$HOME/.local/logs"
# users environment is not preserved, add necessary env vars
# export AWS_PROFILE="Your-non-default-profile"
# use different browser so it does not interupt my default browser use
export BROWSER=/Applications/Safari.app/Contents/MacOS/Safari

LOG_FILE="$HOME/.local/logs/awsrefresh.log"
CURRENT_DATE=$(date +%Y-%m-%d)
LOCK_FILE="$HOME/.local/logs/.awsrefresh.date"

# Rotate log if it's a new day, prevent log from continually growing
if [[ -f "$LOCK_FILE" ]]; then
    LAST_DATE=$(cat "$LOCK_FILE")
    if [[ "$CURRENT_DATE" != "$LAST_DATE" ]]; then
        truncate -s 0 "$LOG_FILE"  # Truncate log for new day
        echo "$CURRENT_DATE" > "$LOCK_FILE"
    fi
else
    echo "$CURRENT_DATE" > "$LOCK_FILE"
fi

# Check if current time is within 8:30am-4pm window
CURRENT_HOUR=$(date +%H)
CURRENT_MINUTE=$(date +%M)
CURRENT_TIME_MINUTES=$((10#$CURRENT_HOUR * 60 + 10#$CURRENT_MINUTE))
START_TIME_MINUTES=$((8 * 60 + 30))  # 8:30am = 510 minutes
END_TIME_MINUTES=$((17 * 60))         # 5:00pm = 1020 minutes

# Check if it's a weekday (1=Monday, 5=Friday)
DAY_OF_WEEK=$(date +%u)

if [[ $DAY_OF_WEEK -ge 1 && $DAY_OF_WEEK -le 5 ]] && \
   [[ $CURRENT_TIME_MINUTES -ge $START_TIME_MINUTES && $CURRENT_TIME_MINUTES -lt $END_TIME_MINUTES ]]; then
    {
        echo "=== $(date) ==="
        # add --profile "${AWS_PROFILE}" if you are not using default profile
        /usr/local/bin/aws sso login 2>&1
        echo ""
    } >> "$LOG_FILE"

    # wait for browser window to pop up
    sleep 1s

    # strategy for using active browser
    # # Get the title
    # TITLE=$(osascript -e 'tell application "Google Chrome" to get title of active tab of window 1')
    # echo "closed tab: ${TITLE}" >> "${LOG_FILE}"
    # # Use it in a condition
    # if [[ "$TITLE" == *"AWS Authentication"* ]]; then
    #   osascript -e 'tell application "Google Chrome" to close active tab of window 1'
    # fi

    # strategy for using aws sso login specific BROWSER
    TAB_COUNT=$(osascript -e 'tell application "Safari" to count tabs of front window')
    if [ "$TAB_COUNT" -ge 2 ]; then
      osascript -e 'tell application "Safari" to close current tab of front window'
    fi
    osascript -e 'tell application "Safari" to set miniaturized of front window to true'
fi

com.user.awsssorefresh.plist

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Label</key>
    <string>com.user.awsssorefresh</string>
    <key>ProgramArguments</key>
    <array>
        <string>/bin/bash</string>
        <string>-c</string>
        <string>$HOME/.local/bin/aws-sso-refresh.sh</string>
    </array>
    <key>KeepAlive</key>
    <false/>

    <key>StartCalendarInterval</key>
    <array>
        <dict>
            <key>Minute</key>
            <integer>0</integer>
        </dict>
    </array>

    <key>RunAtLoad</key>
    <true/>

    <key>StandardOutPath</key>
    <string>/tmp/launchd-out-aws-sso-refresh.log</string>

    <key>StandardErrorPath</key>
    <string>/tmp/launchd-error-aws-sso-refresh.log</string>
</dict>
</plist>

The plist file goes in $HOME/Library/LaunchAgents

enable the plist file with
launchctl load ~/Library/LaunchAgents/com.user.awsssorefresh.plist