search

amazon-archives / awsmobile-cli

CLI experience for Frontend developers in the JavaScript ecosystem.
Apache License 2.0
142 stars 35 forks source link

Cross-Account ( profile ) Support #113

Closed LXensen closed 6 years ago

LXensen commented 6 years ago

I am trying to migrate an existing Angular-based Mobilehub project ( Project A ) generated by me, under my account, to a Mobilehub project ( Project B ) under an Assumed Role to a different account.

I am able to create the Mobilehub project under the Assumed Role by Importing the mobile-hub-project.yml of Project A. I now have the resources provisioned for Project B

I’m able to push the Project A code to Codecommit repository in Assumed Role account using git credential-helper invoking the --profile flag

!aws codecommit credential-helper --profile MyCrossAccountAccessProfile $@"

But the cli throws an error when I try to init the code to the project id of Project B

awsmobile init <project_b_id>

failed to link to backend awsmobile project with id = project_b_id

Should the awsmobile cli support the --profile flag, or am I doing something wrong?

UnleashedMind commented 6 years ago

before you run awsmobile init, get out of any valid awsmobilejs project, and run awsmobile configure aws --profile MyCrossAccountAccessProfile. This sets the general aws access configuration for the awsmobile-cli, which will be used next time when you execute awsmobile init or awsmobile start.

then cd to your local project root folder, and execute: awsmobile init <project_b_id>

LXensen commented 6 years ago

Ah! That makes way more sense that what I was trying to do. Thanks.

LXensen commented 6 years ago

I'm still not able to init the project.

I'm able to invoke AWS cli for mobile and see the projects listed in my other profile but I can't seem to init the backend.

$ aws mobile list-projects --profile MyCrossAccountAccessProfile
{
    "projects": [
        {
            "projectId": “<project_b_id>”, 
            "name": “PROJEC_NAME”
        }
    ]
}

$ awsmobile configure aws --profile MyCrossAccountAccessProfile

configure aws
Setting awsmobile-cli to use named profile: MyCrossAccountAccessProfile

Done

$ awsmobile init <project_b_id>

this project's backend is currently set to be <project_a>
with mobile project id = <project_a_id>
and was initialized at 2018-05-01-17-46-04
? switch backend to awsmobile project with id = project_b_id Yes
init will now try to switch to the newly specified backend

failed to link to backend awsmobile project with id = <project_b_id>
{ NotFoundException: No such project exists : <project_b_id>
   .
   .
  message: 'No such project exists : <project_b_id>',
  code: 'NotFoundException',
 }

I also tried 

$ export AWS_PROFILE=MyCrossAccountAccessProfile

per the AWS CLI docs but no luck.

my ~/.aws/config 

[default]
region = us-east-1
output = json

[profile MyCrossAccountAccessProfile]
role_arn = arn:aws:iam::*****************:role/MyCrossAccountAccessProfile
region = us-east-1
source_profile = default

and ~/.aws/credentials

[default]
aws_access_key_id = MYACCESSKEYID
aws_secret_access_key = mysecretaccesskey

[MyCrossAccountAccessProfile]
aws_access_key_id = MYACCESSKEYID
aws_secret_access_key = mysecretaccesskey