diff --git a/.aws/config b/.aws/config
deleted file mode 100644
index 3915c0c90de761f271d6f7defbc6effeeb6cbf36..0000000000000000000000000000000000000000
--- a/.aws/config
+++ /dev/null
@@ -1,6 +0,0 @@
-# vim: ft=cfg
-[profile shore]
-region = us-east-1
-
-[profile schoolinks]
-region = us-east-1
diff --git a/.aws/config.j2 b/.aws/config.j2
new file mode 100644
index 0000000000000000000000000000000000000000..6291cc6032cfa1e07571d87fe7934144049c7bab
--- /dev/null
+++ b/.aws/config.j2
@@ -0,0 +1,14 @@
+# vim: ft=cfg
+[profile shore]
+region = us-east-1
+
+[profile schoolinks]
+region = us-east-1
+sso_session = schoolinks
+sso_account_id = {{ run(["ph", "show", "--field", "Account ID", "SchooLinks/AWS SSO"])["stdout"] }}
+sso_role_name = AdministratorAccess
+
+[sso-session schoolinks]
+sso_start_url = https://schoolinks-sso.awsapps.com/start
+sso_region = us-east-1
+sso_registration_scopes = sso:account:access
diff --git a/.aws/credentials.j2 b/.aws/credentials.j2
index f92f47f9eb6b9dc0c366e2b53d4d2a31b9848236..c5ce38bebcfe3c0a33a9d7bfe8243f4e1d033d0a 100644
--- a/.aws/credentials.j2
+++ b/.aws/credentials.j2
@@ -2,7 +2,3 @@
 [shore]
 aws_access_key_id = {{ run(["ph", "show", "--field", "UserName", "shore.co.il/AWS CLI"])["stdout"] }}
 aws_secret_access_key = {{ run(["ph", "show", "--field", "Password", "shore.co.il/AWS CLI"])["stdout"] }}
-
-[schoolinks]
-aws_access_key_id = {{ run(["ph", "show", "--field", "UserName", "SchooLinks/AWS access key"])["stdout"] }}
-aws_secret_access_key = {{ run(["ph", "show", "--field", "Password", "SchooLinks/AWS access key"])["stdout"] }}