From 1b1dc9b5fa192c396f9e68dececec112ee4c23f4 Mon Sep 17 00:00:00 2001
From: Eren Yeager <92114074+wty-Bryant@users.noreply.github.com>
Date: Thu, 27 Jul 2023 16:28:01 -0400
Subject: [PATCH] Modify resolving sso credential logic  (#4917)

* Modify and merge resolving sso credential logic
---
 CHANGELOG_PENDING.md       | 2 ++
 aws/session/credentials.go | 5 ++++-
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG_PENDING.md b/CHANGELOG_PENDING.md
index 8a1927a39ca..5e9a8f5758a 100644
--- a/CHANGELOG_PENDING.md
+++ b/CHANGELOG_PENDING.md
@@ -3,3 +3,5 @@
 ### SDK Enhancements
 
 ### SDK Bugs
+* `aws/session`: Modify resolving sso credential logic to fix stack overflow bug while configuring shared config profile via env var.
+  * Fixes [4912](https://github.com/aws/aws-sdk-go/issues/4912)
\ No newline at end of file
diff --git a/aws/session/credentials.go b/aws/session/credentials.go
index 504d7268597..ea8e3537658 100644
--- a/aws/session/credentials.go
+++ b/aws/session/credentials.go
@@ -191,7 +191,10 @@ func resolveSSOCredentials(cfg *aws.Config, sharedCfg sharedConfig, handlers req
 		if err != nil {
 			return nil, err
 		}
-		mySession := Must(NewSession())
+		// create oidcClient with AnonymousCredentials to avoid recursively resolving credentials
+		mySession := Must(NewSession(&aws.Config{
+			Credentials: credentials.AnonymousCredentials,
+		}))
 		oidcClient := ssooidc.New(mySession, cfgCopy)
 		tokenProvider := ssocreds.NewSSOTokenProvider(oidcClient, cachedPath)
 		optFns = append(optFns, func(p *ssocreds.Provider) {