Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Does cdk support IAM profile #480

Closed
nikhilbhoj opened this issue Aug 2, 2018 · 6 comments · Fixed by #517
Closed

Does cdk support IAM profile #480

nikhilbhoj opened this issue Aug 2, 2018 · 6 comments · Fixed by #517
Assignees
@rix0rrr
Labels
guidance Question that needs advice or information.

Comments

@nikhilbhoj
Copy link

Hi,

I tried to run the cdk ls -l and I have multiple profile set up in my credential file.

This commands just hangs and I assume that cdk does not support profile too, as I cannot find the details in the help of cdk command.
@rix0rrr
Copy link
Contributor

rix0rrr commented Aug 2, 2018

That's right, we don't support them yet. We do have it on the roadmap though.

In the mean time, the workaround is to populate your shell with the appropriate credentials.

@RomainMuller
Copy link
Contributor

You can actually try to select a profile using environment variables (AWS_PROFILE) before running cdk ls.

Also, we're using the AWS SDK for Javascript behind the scenes, and in some cases an attempt to call the EC2 Metadata Service can cause a very long pause. If you're not running on an EC2 instance, you could consider adding export AWS_EC2_METADATA_DISABLED=1 to your shell profile. This will disable the EC2 metadata service attempt that is built into the AWS SDK for Javascript, and consequentially this possible cause of a long pause.

@nikhilbhoj
Copy link
Author

Hi @RomainMuller , I did following
export AWS_EC2_METADATA_DISABLED=1 (as I am running in non EC2 instance)
export AWS_PROFILE=myprofile

and then try run cdk ls -l, it is still not working and hanging.
However, aws s3 ls --profile myprofile works and output s3 buckets that I own. This was just to test if my profile is not corrupted.

Also, I did all this in EC2 instance of Amazon Linux AMI, and it worked perfectly. However, their I didn't have multiple profile.

@RomainMuller
Copy link
Contributor

Hey @nikhilbhoj,

Okay. I was afraid of this but hoping it would work. It may help troubleshooting if you can collect the output of running cdk ls -l --verbose. That may contain information useful for us to understand what is going wrong.

@pchaganti
Copy link

👍

@rix0rrr rix0rrr mentioned this issue Aug 6, 2018
Closed
@rix0rrr rix0rrr self-assigned this Aug 6, 2018
@nikhilbhoj
Copy link
Author

Hey @RomainMuller , I did following as suggested by you. I hope this information may help.

vagrant@vagrant:/hello-cdk$ echo $AWS_EC2_METADATA_DISABLED
1
vagrant@vagrant:/hello-cdk$ echo $AWS_PROFILE
myprofile
vagrant@vagrant:~/hello-cdk$ aws s3 ls --profile myprofile
2018-04-17 02:17:32 XXXXXX-bucket
2018-05-22 12:13:37 terraform-state-bucket-112

vagrant@vagrant:~/hello-cdk$ cdk ls -l --verbose
Command line arguments: { _: [ 'ls' ],
trace: false,
strict: false,
'ignore-errors': false,
ignoreErrors: false,
json: false,
j: false,
verbose: true,
v: true,
'version-reporting': undefined,
versionReporting: undefined,
version: false,
help: false,
long: true,
l: true,
'$0': '/home/vagrant/.npm-global/bin/cdk',
app: undefined,
context: undefined,
plugin: undefined,
rename: undefined }
Defaults: {
"app": "node index.js"
}
Setting "aws:cdk:toolkit:default-region" context to ap-southeast-2
Resolving default credentials
Looking up default account ID from STS

It is getting stuck here.

rix0rrr pushed a commit that referenced this issue Aug 7, 2018
Toolkit: support profiles
fbf2975 
This adds support for AWS profiles to the CDK toolkit.

At the same time, it overhauls how the AWS SDK is configured. The
configuration via environment variables set at just the right time
is removed, and we reimplement some parts of the SDK in an
AWS CLI-compatible way to get a consistent view on the account ID
and region based on the provided configuration.

Fixes a bug in the AWS STS call where it would do two default
credential lookups (down to one now).

Fixes #480.
@rix0rrr rix0rrr mentioned this issue Aug 7, 2018
Merged
rix0rrr added a commit that referenced this issue Aug 7, 2018
@rix0rrr
Toolkit: support profiles (#517)
6846b60 
This adds support for AWS profiles to the CDK toolkit.

At the same time, it overhauls how the AWS SDK is configured. The
configuration via environment variables set at just the right time
is removed, and we reimplement some parts of the SDK in an
AWS CLI-compatible way to get a consistent view on the account ID
and region based on the provided configuration.

Fixes a bug in the AWS STS call where it would do two default
credential lookups (down to one now).

Fixes #480.
@srchase srchase added guidance Question that needs advice or information. and removed question labels Jan 3, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@rix0rrr rix0rrr

Labels
guidance Question that needs advice or information.
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Toolkit: support profiles aws/aws-cdk
6 participants
@pchaganti @RomainMuller @debora-ito @rix0rrr @srchase @nikhilbhoj