The MilkStraw CLI (@milkstraw/cli) is a developer-friendly alternative to the web-based Quickstart. Use it to start or maintain your MilkStraw integration without leaving your terminal.
Prerequisites
  • An active MilkStraw AI account
  • The AWS CLI installed and configured
  • AWS credentials with access to your AWS Organization management account

Configure AWS credentials

Set up credentials using one of:
aws configure      # Access key + secret
aws configure sso  # SSO login (recommended)
Verify your credentials are working:
aws sts get-caller-identity

Quick start

Run setup to authenticate, set up, and deploy the MilkStraw cross role through CloudFormation stacks into your AWS organization:
npx @milkstraw/cli setup

Commands

| Command | Description |
| --- | --- |
| milkstraw login | Interactive browser login |
| milkstraw logout | Revoke token and clear local auth |
| milkstraw setup | Complete onboarding and deploy stacks |
| milkstraw status | Check deployment status |
| milkstraw update | Update deployed stacks to latest templates |
| milkstraw org list | List accessible organizations |

Global options

| Option | Description |
| --- | --- |
| --org <id> | Specify organization ID |
| --aws-profile <name> | Override the AWS named profile |
| --json | Output as JSON |
| --quiet | Output data only |
| --markdown | Output as Markdown |
| --verbose | Enable verbose output |
| --agent | Agent-safe mode (no prompts, no spinners) |

Environment variables

| Variable | Description |
| --- | --- |
| MILKSTRAW_ORG | Default organization ID |
| MILKSTRAW_AWS_PROFILE | Default AWS profile name |

AWS credential resolution

The CLI uses the AWS SDK for JavaScript v3 credential provider chain. Without --aws-profile, credentials are resolved in this order:
  1. Environment variables: AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_SESSION_TOKEN
  2. SSO token cache at ~/.aws/sso/cache
  3. Shared credentials file at ~/.aws/credentials (default profile)
  4. Shared config file at ~/.aws/config
  5. ECS container or EC2 instance metadata
With --aws-profile <name> (or MILKSTRAW_AWS_PROFILE), the SDK skips environment variables and uses the named profile from ~/.aws/config and ~/.aws/credentials.
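Because the first matching source wins, a leftover access key in the shell environment takes precedence over an SSO login unless a profile is named. The following preflight is an added example, not part of the MilkStraw CLI: the function name cred_source and its output labels are made up for illustration, and it only checks for the presence of variables and files in the order listed above, not whether the credentials are valid.

```shell
#!/usr/bin/env bash
# Added example (not MilkStraw code): predict which credential source the
# resolution order documented above would select, before stacks are
# deployed into the organization with that identity.

# cred_source [profile]
# Prints one label for the first matching source. Reads HOME and the AWS_*
# variables of the calling shell. Assumption: presence checks only; expired
# SSO tokens or revoked keys are not detected here.
cred_source() {
  local profile="${1:-${MILKSTRAW_AWS_PROFILE:-}}"
  local aws_dir="${HOME}/.aws"

  # With a named profile, environment variables are skipped.
  if [ -n "$profile" ]; then
    # config uses "[profile name]", credentials uses "[name]"
    if grep -qsE "^\[(profile )?${profile}\]" \
        "$aws_dir/config" "$aws_dir/credentials"; then
      echo "profile:${profile}"
    else
      echo "profile-missing:${profile}"
    fi
    return
  fi

  if [ -n "${AWS_ACCESS_KEY_ID:-}" ] && [ -n "${AWS_SECRET_ACCESS_KEY:-}" ]; then
    echo "env"                              # 1. environment variables
  elif ls "$aws_dir"/sso/cache/*.json >/dev/null 2>&1; then
    echo "sso-cache"                        # 2. SSO token cache
  elif grep -qs '^\[default\]' "$aws_dir/credentials"; then
    echo "shared-credentials"               # 3. default profile
  elif [ -f "$aws_dir/config" ]; then
    echo "shared-config"                    # 4. shared config file
  else
    echo "container-or-instance-metadata"   # 5. ECS / EC2 metadata
  fi
}

# Run directly: prints the prediction for an optional profile argument.
cred_source "$@"
```

If the label printed is not the source you expected, pass --aws-profile explicitly and confirm the account with aws sts get-caller-identity before running setup.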

Authentication

Tokens are stored at ~/.config/milkstraw-cli/token. Login uses the OAuth device code flow via your browser. Run milkstraw logout at any time to revoke the token and clear local auth.