Behavior of shared_config.go:validateSSOConfiguration does not allow reading credentials from environment variables if sso_account_id/sso_role_name is missing from ~/.aws/config

[christophetd]

See also hashicorp/terraform-provider-aws#17370

Describe the bug
validateSSOConfiguration introduced in 04e0775 (@skmcgrail) does not allow to have a SSO configuration partially defined in ~/.aws/config and using credentials coming from environment variables. I've encountered this issue while using Terraform (v0.14.5) with the AWS Provider 3.26.0 using the latest version of aws-sdk-go.

Version of AWS SDK for Go? v1.37.0

Version of Go (go version)? go1.15.6

To Reproduce (observed behavior)
Create the following ~/.aws/config:

[default]
sso_start_url=https://xxx.awsapps.com/start
sso_region=eu-central-1
cli_pager=
region=eu-west-1

[okta]
aws_saml_url=xxx

Typically, you'd then have additional entries:

[profile dev]
sso_account_id=123456789123
sso_role_name=MyRole

The bug occurs when you have valid credentials in your environment, e.g.

$ aws-vault exec dev # Or using the AWS CLI
$ aws sts get-caller-identity
{
    "UserId": "AROXXXXXXXx:[email protected]",
    "Account": "123456789123",
    "Arn": "arn:aws:sts::123456789123:assumed-role/AWSReservedSSO_MyRole_xxx/[email protected]"
}

... and try to run Terraform:

$ cat main.tf
terraform {
  required_providers {
    aws = {
      source = "hashicorp/aws"
      version = "3.26.0"
    }
  }
}

provider "aws" {
  region = "eu-west-1"
}

resource "aws_iam_user" "test" {
	name = "test"
}

$ terraform init && terraform apply
Error: error configuring Terraform AWS Provider: Error creating AWS session: profile "default" is configured to use SSO but is missing required configuration: sso_account_id, sso_role_name

Expected behavior
aws-sdk-go should take into account the credentials available in the environment and not crash on a (purposely incomplete) [default] entry in ~/.aws/config

[skmcgrail]

The fix in #3769 will be included in the next SDK release. Thank you for providing details on how to reproduce what you were seeing.

[github-actions]

⚠️COMMENT VISIBILITY WARNING⚠️

Comments on closed issues are hard for our team to see.
If you need more assistance, please either tag a team member or open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue feel free to do so.

[christophetd]

Thanks @skmcgrail for the fix, do you have any time estimate for the next release?