Please provide support for AWS SSO

pcolmer commented 4 years ago

Context

We're trying to migrate to using AWS SSO for all user authentication. Initial testing suggests that ecs-cli doesn't work with SSO authentication. Various errors are reported depending on what we try to do, e.g.:

$ ecs-cli configure profile --profile-name QA_Admin-495570029050
FATA[0000] secret-key can not be empty

That makes sense because the specified profile is an SSO profile and there are no hardwired secrets.

Trying to use --aws-profile instead gives this error:

FATA[0024] Error executing 'up': NoCredentialProviders: no valid
providers in chain
caused by: EnvAccessKeyNotFound: failed to find credentials in the environment.
SharedCredsLoad: failed to load profile, QA_Admin-495570029050.

Alternatives

Since credentials returned from AWS SSO typically only last one hour, it would be painful to keep on updating the ecs-cli profile with the current secret values.

Has the feature been requested before?

Not as far as I can tell by searching.

dank7723 commented 4 years ago

+1, yes, please. this would really simplify dev workflows.

gwynnarth commented 3 years ago

AWS CLI v2 is GA and using SSO is something that will become much more common, I think. We're migrating to it as well, but hitting roadblocks like this one.

As a stop-gap solution we're using https://github.com/victorskl/yawsso but it's just a workaround, therefore proper support for AWS SSO would be very much welcome.