When you configure an AWS CLI profile for SSO, every command you run, even those against LocalStack, requires authentication via a valid SSO session. The CLI automatically checks for a cached SSO access token and, if it is missing or expired, prompts you to run `aws sso login`. Only after that token is retrieved can the CLI issue (mock or real) AWS API calls. This is documented in the AWS CLI behavior around IAM Identity Center sessions and SSO tokens.
AWS Doc: https://docs.aws.amazon.com/cli/latest/reference/sso/login.html
"To login, the requested profile must have first been setup using `aws configure sso`. Each time the `login` command is called, a new SSO access token will be retrieved."
For LocalStack, you can bypass this by using a non-SSO profile with dummy static credentials (`aws_access_key_id` and `aws_secret_access_key`), since LocalStack does not validate them. This prevents unnecessary SSO logins while still allowing the AWS CLI and SDKs to function locally.
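One way to set this up, as an added example rather than anything from the AWS or LocalStack documentation: the script writes a separate non-SSO profile with dummy keys and checks that it has no `sso_*` settings and an endpoint pinned to loopback, so the dummy profile cannot reach real AWS. The profile names `localstack` and `work`, the port 4566, the `test` key values and `endpoint_url` support in your installed CLI version are assumptions.

```shell
#!/usr/bin/env bash
# Added example. Assumed names: profile "localstack", port 4566, constructed SSO profile "work".

# Write a non-SSO profile with dummy static credentials into directory $1.
write_localstack_profile() {
  mkdir -p "$1"
  printf '%s\n' '[profile localstack]' 'region = us-east-1' \
    'endpoint_url = http://localhost:4566' > "$1/config"
  printf '%s\n' '[localstack]' 'aws_access_key_id = test' \
    'aws_secret_access_key = test' > "$1/credentials"
}

# Constructed SSO profile written to file $1, for contrast only.
write_sso_sample() {
  printf '%s\n' '[profile work]' 'sso_session = corp' \
    'sso_account_id = 111122223333' 'sso_role_name = Dev' \
    '[sso-session corp]' 'sso_start_url = https://example.awsapps.com/start' > "$1"
}

# Print the value of key $3 in INI section $2 of file $1.
profile_value() {
  awk -v want="[$2]" -v key="$3" '
    /^\[/ { in_sec = ($0 == want); next }
    in_sec && index($0, "=") {
      k = substr($0, 1, index($0, "=") - 1); v = substr($0, index($0, "=") + 1)
      gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
      if (k == key) print v
    }' "$1"
}

# Succeed if profile $2 in config file $1 has SSO settings (CLI will demand a login).
profile_uses_sso() {
  for k in sso_session sso_start_url sso_account_id sso_role_name; do
    [ -n "$(profile_value "$1" "profile $2" "$k")" ] && return 0
  done
  return 1
}

# Succeed only if profile $2 has no SSO settings and its endpoint is loopback.
profile_is_local_only() {
  profile_uses_sso "$1" "$2" && return 1
  case "$(profile_value "$1" "profile $2" endpoint_url)" in
    http://localhost:*|http://127.0.0.1:*) return 0 ;;
    *) return 1 ;;
  esac
}

# Usage: write_localstack_profile ~/.aws-local, then run the CLI with
# AWS_CONFIG_FILE and AWS_SHARED_CREDENTIALS_FILE pointing at those two files.
```

Keeping the dummy profile in its own pair of files means a mistyped `--profile` cannot send real SSO-derived credentials to the local endpoint, or dummy ones to AWS.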