docs: add readme for sso credential provider

Author: AllanZhengYP

packages/credential-provider-ini/README.md

@@ -90,7 +90,7 @@ aws_access_key_id=foo
 aws_secret_access_key=bar
 
 [first]
-source_profile=first
+source_profile=second
 role_arn=arn:aws:iam::123456789012:role/example-role-arn
 ```
 
@@ -125,3 +125,46 @@ credential_source = EcsContainer
 web_identity_token_file=/temp/token
 role_arn=arn:aws:iam::123456789012:role/example-role-arn
 ```
+
+You can specify using the `first` profile which will assume a role
+`example-role` with the role `example-role-2` which derived from web
+identity token file.
+
+```ini
+[second]
+web_identity_token_file=/temp/token
+role_arn=arn:aws:iam::123456789012:role/example-role-2
+
+[first]
+source_profile=second
+role_arn=arn:aws:iam::123456789012:role/example-role
+```
+
+### profile with sso credentials
+
+Please refer the the [`sso credential provider package`](https://www.npmjs.com/package/@aws-sdk/credential-provider-sso)
+for how to configure the SSO credentials.
+
+```ini
+[default]
+sso_account_id = 012345678901
+sso_region = us-east-1
+sso_role_name = SampleRole
+sso_start_url = https://d-abc123.awsapps.com/start
+```
+
+You can specify using the `first` profile which will assume a role
+`example-role` with the role `example-role-2` which derived from SSO
+credentials.
+
+```ini
+[second]
+sso_account_id = 012345678901
+sso_region = us-east-1
+sso_role_name = example-role-2
+sso_start_url = https://d-abc123.awsapps.com/start
+
+[first]
+source_profile=second
+role_arn=arn:aws:iam::123456789012:role/example-role
+```

packages/credential-provider-sso/README.md

@@ -6,20 +6,37 @@
 ## AWS Credential Provider for Node.js - AWS Single Sign-On (SSO)
 
 This module provides a function, `fromSSO`, that creates
-`CredentialProvider` functions that read from [AWS SDKs and Tools
-shared configuration and credentials
-files](https://docs.aws.amazon.com/credref/latest/refdocs/creds-config-files.html).
-Profiles in the `credentials` file are given precedence over
-profiles in the `config` file. This provider loads the
+`CredentialProvider` functions that read from the
 _resolved_ access token from local disk then requests temporary AWS
 credentials. For guidance on the AWS Single Sign-On service, please
 refer to [AWS's Single Sign-On documentation](https://aws.amazon.com/single-sign-on/).
 
+You can create the `CredentialProvider` functions using the inline SSO
+parameters(`ssoStartUrl`, `ssoAccountId`, `ssoRegion`, `ssoRoleName`) or load
+them from [AWS SDKs and Tools shared configuration and credentials files](https://docs.aws.amazon.com/credref/latest/refdocs/creds-config-files.html).
+Profiles in the `credentials` file are given precedence over
+profiles in the `config` file.
+
+This credential provider is intended for use with the AWS SDK for Node.js.
+
+This credential provider **ONLY** supports profiles using the SSO credential. If
+you have a profile that assumes a role which derived from the SSO credential,
+you should use the `@aws-sdk/credential-provider-ini`, or
+`@aws-sdk/credential-provider-node` package.
+
 ## Supported configuration
 
 You may customize how credentials are resolved by providing an options hash to
 the `fromSSO` factory function. The following options are supported:
 
+- `ssoStartUrl`: The URL to the AWS SSO service. Required if any of the `sso*`
+  options(except for `ssoClient`) is provided.
+- `ssoAccountId`: The ID of the AWS account to use for temporary credentials.
+  Required if any of the `sso*` options(except for `ssoClient`) is provided.
+- `ssoRegion`: The AWS region to use for temporary credentials. Required if any
+  of the `sso*` options(except for `ssoClient`) is provided.
+- `ssoRoleName`: The name of the AWS role to assume. Required if any of the
+  `sso*` options(except for `ssoClient`) is provided.
 - `profile` - The configuration profile to use. If not specified, the provider
   will use the value in the `AWS_PROFILE` environment variable or `default` by
   default.