Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bug: Fail when using AWS profile with SSO with sso-session #54

Closed
Flydiverny opened this issue Feb 2, 2024 · 3 comments · Fixed by #55
Closed

Bug: Fail when using AWS profile with SSO with sso-session #54

Flydiverny opened this issue Feb 2, 2024 · 3 comments · Fixed by #55
Labels
bug Something isn't working triage

Comments

@Flydiverny
Copy link

Flydiverny commented Feb 2, 2024
edited
Loading

Expected Behaviour

Supports SSO profiles using sso-session for authentication.

Current Behaviour

Credential chain fails

Code snippet

[sso-session SESSION_NAME]
sso_start_url = https://REDACTED.awsapps.com/start
sso_region = eu-west-1
sso_registration_scopes = sso:account:access

[profile PROFILE_NAME]
sso_account_id = 123456789000
sso_role_name = Administrator
region = eu-west-1
sso_session = SESSION_NAME

Possible Solution

Update aws-sdk-rust 😄

Steps to Reproduce

  1. Install eksup
  2. Setup your aws config like code snippet
  3. Set AWS_PROFILE to your SSO profile
  4. Try analyze like eksup analyze -c cluster-v2 -r eu-west-1

eksup version

latest

Operating system

Linux x86_64

Error output

eksup analyze -c cluster-v2 -r eu-west-1 -v
   WARN aws_config::profile::parser::normalize: profile `sso-session SESSION_NAME` ignored because `sso-session SESSION_NAME` was not a valid identifier
    at /cargo/registry/src/index.crates.io-6f17d22bba15001f/aws-config-1.1.3/src/profile/parser/normalize.rs:87

   WARN aws_config::meta::credentials::chain: provider failed to provide credentials, provider: Profile, error: the credentials provider was not properly configured: ProfileFile provider could not be built: profile `PROFILE_NAME` was not defined: `sso_region` was missing (InvalidConfiguration(InvalidConfiguration { source: "ProfileFile provider could not be built: profile `PROFILE_NAME` was not defined: `sso_region` was missing" }))
    at /cargo/registry/src/index.crates.io-6f17d22bba15001f/aws-config-1.1.3/src/meta/credentials/chain.rs:90
@Flydiverny Flydiverny added bug Something isn't working triage labels Feb 2, 2024
@Flydiverny
Copy link
Author

Seems like a fix to this was released recently for the rust sdk https://github.com/awslabs/aws-sdk-rust/releases/tag/release-2024-01-25

@brizaldi
Copy link

brizaldi commented Feb 7, 2024

Hi @Flydiverny, did you find temporary solution for this?

@Flydiverny
Copy link
Author

Hi @Flydiverny, did you find temporary solution for this?

Nah, I mean you can always assume a role and use some short lived credentials or use the old legacy SSO profile format which is the workaround our team used for terraform until they supported the sso-session format.

@bryantbiggs bryantbiggs mentioned this issue Feb 12, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working triage
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix: Update dependencies to latest to support AWS SSO sso-session clowdhaus/eksup
2 participants
@Flydiverny @brizaldi