diff --git a/zsh/.local/share/zsh/functions/aws-logout b/zsh/.local/share/zsh/functions/aws-logout
index eb267f4..678cd1c 100644
--- a/zsh/.local/share/zsh/functions/aws-logout
+++ b/zsh/.local/share/zsh/functions/aws-logout
@@ -1,3 +1,3 @@
 aws-logout() {
-  unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN AWS_ENVIRONMENT
+  unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN AWS_ENVIRONMENT AWS_PROFILE
 }
diff --git a/zsh/.local/share/zsh/functions/aws-sso-login b/zsh/.local/share/zsh/functions/aws-sso-login
new file mode 100644
index 0000000..f9e28f7
--- /dev/null
+++ b/zsh/.local/share/zsh/functions/aws-sso-login
@@ -0,0 +1,30 @@
+aws-sso-login() {
+    local profile="${1:-$AWS_PROFILE}"
+
+    if [[ -z "$profile" ]]; then
+        profile=$(aws configure list-profiles \
+          | fzf --height 40% --reverse --no-preview)
+    fi
+
+    if [[ -z "$profile" ]]; then
+        echo "Error: No profile provided or selected." >&2
+        return 1
+    fi
+
+    # Validate existing session; login if expired or missing
+    if ! aws sts get-caller-identity --profile "$profile" &>/dev/null; then
+        aws sso login --use-device-code --profile "$profile" || return 1
+    fi
+
+    # Export credentials to environment for third-party tools
+    local creds
+    creds=$(aws configure export-credentials --profile "$profile" --format env)
+    if [[ $? -eq 0 ]]; then
+        eval "$creds"
+        export AWS_PROFILE="$profile"
+        # echo "Environment configured for profile: $profile"
+    else
+        echo "Error: Failed to export credentials." >&2
+        return 1
+    fi
+}
diff --git a/zsh/.zshrc b/zsh/.zshrc
index a46705e..237c208 100644
--- a/zsh/.zshrc
+++ b/zsh/.zshrc
@@ -48,9 +48,9 @@ zstyle ':vcs_info:git*' actionformats '%%S%r%%s:%{$fg[red]%}%b:%a%{$reset_color%
 
 function set_prompt() {
 
-    if [[ -n "$AWS_ENVIRONMENT" ]]; then
+    if [[ -n "$AWS_PROFILE" ]]; then
       aws_prompt="
-%S%B$AWS_ENVIRONMENT%b%s
+%S%B$AWS_PROFILE%b%s
 "
     else
       aws_prompt=""