aws / aws-cdk

The AWS Cloud Development Kit is a framework for defining cloud infrastructure in code
https://aws.amazon.com/cdk
Apache License 2.0
11.64k stars 3.91k forks source link

[AWS SSO] SSO credentials expired, but error message saids unable to resolve AWS account #20896

Open TiansuYu opened 2 years ago

TiansuYu commented 2 years ago

Describe the bug

When trying to deploy stacks through cdk deploy, if your local aws sso crendentials has expired, cdk CLI will prompt the following message:

Unable to resolve AWS account to use. It must be either configured when you define your CDK Stack, or through the environment

which leads users to debug their CLI configurations (either through cdk ... --profile xxx or set env var such as AWS_PROFILE and CDK_DEFAULT_PROFILE.) But the real issue I had was that my AWS SSO session has expired, I just need to do aws sso login again.

I think this error message is misleading in this situation and needs to be improved.

Expected Behavior

When your AWS SSO session has expired, cdk CLI should prompt you with error message such as The SSO session associated with profile $<some-profile> has expired or is otherwise invalid. To refresh this SSO session run aws sso login with the corresponding profile.

Current Behavior

CDK CLI cannot tell the difference between an expired AWS SSO credential and your AWS profile is unset with regard to CDK.

Reproduction Steps

Point CDK CLI to an expired AWS SSO profile, and have a local dummy stack definition. Then run cdk deploy.

Possible Solution

No response

Additional Information/Context

No response

CDK CLI Version

2.28.1 (build d035432)

Framework Version

No response

Node.js Version

18.2.0

OS

MacOS 12.4

Language

Typescript

Language Version

No response

Other information

No response

peterwoodworth commented 2 years ago

Thanks for submitting this, we accept contributions! Check out our contributing guide if you're interested - there's a low chance the team will be able to address this soon but we'd be happy to review a PR 🙂

TiansuYu commented 2 years ago

I am not a typescript expert but will take a look and see what I can do about it.

TheRealAmazonKendra commented 2 weeks ago

We will improve this error message as a part of https://github.com/aws/aws-cdk/pull/31702

TheRealAmazonKendra commented 2 weeks ago

From the testing I've done, this error message is now clear when these credentials have expired.