search

aws / aws-cli

Universal Command Line Interface for Amazon Web Services
Other
15.46k stars 4.1k forks source link

sso_region is ignored when region differs in profile #8668

Closed jzelinskie closed 4 months ago

jzelinskie commented 5 months ago

Describe the bug

Given an AWS config with a single session and two profiles, if the profiles differ in region, the session cannot be shared, even if the sso-region is the same.

Expected Behavior

A login session from profile-east can be shared with profile-west

Current Behavior

A login to profile-east will not share a session with profile-west, despite having the same sso-region.

Reproduction Steps

$ cat ~/.aws/config
[sso-session my-session]
sso_start_url = https://my-org.awsapps.com/start
sso_region = us-east-1
sso_registration_scopes = sso:account:access

[profile profile-east]
sso_session = mysession
sso_role_name = admin
sso_account_id = 1110987654321
region = us-east-1

[profile profile-west]
sso_session = mysession
sso_role_name = admin
sso_account_id = 1234567891011
region = us-west-2

$ aws sso login --profile profile-east
...

$ aws eks list-clusters --profile profile-west

Possible Solution

No response

Additional Information/Context

No response

CLI version used

aws-cli/2.15.42 Python/3.11.9 Darwin/23.4.0 source/arm64 prompt/off

Environment details (OS name and version, etc.)

macOS 14.4.1

RyanFitzSimmonsAK commented 4 months ago

Hi @jzelinskie, thanks for reaching out. I wasn't able to reproduce this behavior. I have one sso-session with sso_region = us-west-2. I have two profiles with different regions (us-west-2 and us-west-1) that are otherwise identical. In my testing, I was able to access resources from my us-west-1 profile after logging into my us-west-2 profile. Am I misunderstanding the issue in some way?

Could you tell me exactly what error you're getting? Debug logs would be appreciated. You can get debug logs by adding --debug to your command, and redacting any sensitive information. Thanks!

github-actions[bot] commented 4 months ago

Greetings! It looks like this issue hasn’t been active in longer than five days. We encourage you to check if this is still an issue in the latest release. In the absence of more information, we will be closing this issue soon. If you find that this is still a problem, please feel free to provide a comment or upvote with a reaction on the initial post to prevent automatic closure. If the issue is already closed, please feel free to open a new one.

jzelinskie commented 4 months ago

Thanks for the --debug flag tip. I'll find some time to try this out with that flag to discover any new information.

github-actions[bot] commented 4 months ago

Greetings! It looks like this issue hasn’t been active in longer than five days. We encourage you to check if this is still an issue in the latest release. In the absence of more information, we will be closing this issue soon. If you find that this is still a problem, please feel free to provide a comment or upvote with a reaction on the initial post to prevent automatic closure. If the issue is already closed, please feel free to open a new one.