aws / aws-sam-cli

CLI tool to build, test, debug, and deploy Serverless applications using AWS SAM
https://aws.amazon.com/serverless/sam/
Apache License 2.0

local start-api fails with expired SSO token #6012

Open zeenau opened 11 months ago

zeenau commented 11 months ago

Description:

Running sam local start-api fails with an error without an sso token (not logged into aws)

Lambda functions containers initialization failed because of Error when retrieving token from sso: Token has expired and refresh failed Error: Lambda functions containers initialization failed

Steps to reproduce:

  1. aws is configured to use sso (not default)
  2. sso token is not available or is expired
  3. start local lambda

Observed result:

Lambda functions containers initialization failed because of Error when retrieving token from sso: Token has expired and refresh failed Error: Lambda functions containers initialization failed

Expected result:

Running lambda locally shouldn't require (or fail) without an active/valid sso session with aws.

Additional environment details (Ex: Windows, Mac, Amazon Linux etc)

  1. OS: Windows 11
  2. sam --version: SAM CLI, version 1.97.0
  3. AWS region: N/A
    {
      "version": "1.97.0",
      "system": {
        "python": "3.8.8",
        "os": "Windows-10-10.0.22000-SP0"
      },
      "additional_dependencies": {
        "docker_engine": "24.0.2",
        "aws_cdk": "Not available",
        "terraform": "1.5.3"
      },
      "available_beta_feature_env_vars": [
        "SAM_CLI_BETA_FEATURES",
        "SAM_CLI_BETA_BUILD_PERFORMANCE",
        "SAM_CLI_BETA_TERRAFORM_SUPPORT",
        "SAM_CLI_BETA_RUST_CARGO_LAMBDA"
      ]
    }

    Loading AWS credentials from session with profile 'None'
    2023-09-29 11:17:38,182 | Exception raised during the execution
    2023-09-29 11:17:38,183 | Lambda functions containers initialization failed because of Error loading SSO Token: Token for AWS-DEV does not exist

sriram-mv commented 11 months ago

Credentials are passed into the container if available. So, that message is legitimate. Is the concern that the messaging is not clear?

ak99372 commented 11 months ago

@sriram-mv no, the concern is that I'm blocked from running the function locally without logging into aws first. Not sure how much value there is in passing aws credentials to local instance, can it actually validate those credentials or it just checks expiry? What options do I have when offline (don't have access to login to aws)? Is there an option to opt out from passing expired session to local instance?
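
The two errors quoted in this thread ("Token for AWS-DEV does not exist" and "Token has expired and refresh failed") correspond to a missing and an expired entry in the local SSO token cache. The following is an added example, not part of the original thread and not SAM CLI's own code: a standard-library preflight check that reports the cache state for an sso-session before `sam local start-api` is run. It assumes the default cache layout (`~/.aws/sso/cache/<SHA-1 of session name>.json` with an `expiresAt` field); the function names, the session names `AWS-TEST` and `AWS-PROD`, and the sample entries are constructed for illustration.

```python
import hashlib
import json
import tempfile
from datetime import datetime, timezone
from pathlib import Path

# Default location of the AWS CLI / botocore SSO token cache.
DEFAULT_CACHE = Path.home() / ".aws" / "sso" / "cache"


def cache_file(cache_key, cache_dir=DEFAULT_CACHE):
    """Cache file path: SHA-1 hex digest of the sso-session name
    (or of sso_start_url for legacy profiles) plus '.json'."""
    digest = hashlib.sha1(cache_key.encode("utf-8")).hexdigest()
    return Path(cache_dir) / f"{digest}.json"


def sso_token_state(cache_key, cache_dir=DEFAULT_CACHE, now=None):
    """Return 'missing', 'expired' or 'valid'; never exposes accessToken."""
    now = now or datetime.now(timezone.utc)
    try:
        entry = json.loads(cache_file(cache_key, cache_dir).read_text(encoding="utf-8"))
        # expiresAt is UTC, written as '...Z' (older caches used '...UTC').
        stamp = entry["expiresAt"].replace("UTC", "Z")
        expires = datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ")
    except (OSError, ValueError, KeyError, TypeError, AttributeError):
        return "missing"  # absent, unreadable or malformed cache entry
    return "valid" if expires.replace(tzinfo=timezone.utc) > now else "expired"


def demo():
    """Run the check against a constructed cache in a temp directory."""
    now = datetime(2023, 9, 29, 11, 17, 38, tzinfo=timezone.utc)
    with tempfile.TemporaryDirectory() as tmp:
        # Constructed entries; the token value is a placeholder.
        for name, expiry in (("AWS-DEV", "2023-09-29T09:00:00Z"),
                             ("AWS-TEST", "2023-09-29T19:00:00Z")):
            cache_file(name, tmp).write_text(json.dumps(
                {"accessToken": "PLACEHOLDER", "expiresAt": expiry}))
        return {n: sso_token_state(n, tmp, now)
                for n in ("AWS-DEV", "AWS-TEST", "AWS-PROD")}


if __name__ == "__main__":
    print(demo())  # states for the constructed sessions
```

An `expired` result only says the cached access token is past its `expiresAt`; whether it can be refreshed depends on network access to the SSO endpoint.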