aws / aws-ec2-instance-connect-cli

This is an all-in-one client for EC2 Instance Connect that handles key brokerage and establishing connection to EC2 Instances through an interface near-identical to standard system ssh, sftp, and other utilities.
Apache License 2.0

AWS SSO Support does not work #17

Closed z0mbix closed 2 years ago

z0mbix commented 4 years ago

I currently have SSO credentials using the command aws sso login, which work fine for aws cli (v2) commands, but mssh does not support using these credentials:

mssh i-02d6e842cb8375f64
Unable to locate credentials
mssh --profile nonprod i-02d6e842cb8375f64
Unable to locate credentials
aws --version
aws-cli/2.0.0 Python/3.7.4 Darwin/19.3.0 botocore/2.0.0dev4

CptTZ commented 4 years ago

Thanks for reporting! We do not support parsing SSO credentials at this time, I have created a feature request for this.

bigwheel commented 4 years ago

FYI: I'm using linaro-its/aws2-wrap as a workaround.

urz9999 commented 3 years ago

Hi guys, maybe give our project a try: Leapp. We recently added support for AWS SSO to help with incompatibilities with third-party tools where you need to have credentials in the standard .aws/credentials location to make them work. We manage AWS SSO login and retrieval of all the account/role couples for you, then we create short-lived temporary credentials in the .aws/credentials file.

z0mbix commented 3 years ago

I ended up creating https://github.com/z0mbix/essh instead of using mssh. It supports AWS SSO from v0.0.5 onwards.

derektamsen commented 3 years ago

AWS SSO credentials with a recent pip install ec2instanceconnectcli appear to be working.

Name: ec2instanceconnectcli
Version: 1.0.2
Summary: Command Line Interface for AWS EC2 Instance Connect
Home-page: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Connect-using-EC2-Instance-Connect.html
Author: Amazon Web Services
Author-email: UNKNOWN
License: Apache License 2.0
Location: /home/user/.local/lib/python3.9/site-packages
Requires: cryptography, botocore
Required-by: 

Reviewing the code, it calls botocore.session.get_session(), which means support for AWS SSO is based on whether the dependency botocore supports SSO profiles. As of botocore 1.14.0, AWS SSO profiles are supported. I was able to successfully use mssh to connect using AWS SSO with botocore 1.23.2.

Steps

  1. pip install ec2instanceconnectcli
  2. aws sso login --profile <your_sso_profile_config_name>
  3. mssh --profile <your_sso_profile_config_name> --region <instance_region> <user>@<instance_id>
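
A preflight check for the dependency described in the comment above, added here as an example (it is not part of the thread or of the ec2instanceconnectcli code base). The function names, result labels and sample config are hypothetical, and it assumes the profile carries the four `sso_*` keys directly rather than referencing a separate sso-session section.

```python
import configparser
import re

SSO_KEYS = ("sso_start_url", "sso_region", "sso_account_id", "sso_role_name")
MIN_BOTOCORE = (1, 14, 0)  # first botocore with SSO profiles, per the comment above

def parse_version(text):
    """Return the leading numeric X.Y.Z of a version string as a tuple of ints."""
    match = re.match(r"(\d+)\.(\d+)\.(\d+)", text)
    if not match:
        raise ValueError(f"unrecognised version: {text!r}")
    return tuple(int(part) for part in match.groups())

def check_profile(config_text, profile, botocore_version):
    """Classify why `mssh --profile <profile>` may fail to locate credentials."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(config_text)
    # ~/.aws/config names sections "[profile NAME]", except "[default]".
    section = "default" if profile == "default" else f"profile {profile}"
    if not parser.has_section(section):
        return "profile-missing"
    present = [key for key in SSO_KEYS if parser.has_option(section, key)]
    if not present:
        return "not-sso"          # static or other credential source
    if len(present) < len(SSO_KEYS):
        return "sso-incomplete"   # assumption: all four keys sit in the profile
    if parse_version(botocore_version) < MIN_BOTOCORE:
        return "botocore-too-old"
    return "ok"

# Constructed sample of ~/.aws/config; every value is a placeholder.
SAMPLE_CONFIG = """\
[profile nonprod]
sso_start_url = https://example.awsapps.com/start
sso_region = us-east-1
sso_account_id = 111111111111
sso_role_name = ExampleRole

[profile legacy]
region = us-east-1
"""

if __name__ == "__main__":
    import botocore  # the botocore installed alongside mssh in this environment
    print(check_profile(SAMPLE_CONFIG, "nonprod", botocore.__version__))
```

Run it with the same Python interpreter that mssh is installed under, since that is the botocore copy mssh imports.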

komapa commented 1 year ago

> Thanks for reporting! We do not support parsing SSO credentials at this time, I have created a feature request for this.

What kind of joke is this? Official tool does not even follow the breaking changes from other teams.