Open adonskoy opened 1 year ago
I am seeing the same issue using the AwsToolkit in IntelliJ:
the config file that I am using looks like this:
[profile silver]
sso_session = my-sso
sso_account_id = 555614872555
sso_role_name = silver-developer
region = us-west-2
output = json
[sso-session my-sso]
sso_start_url = https://my-login-source.awsapps.com/start/
sso_region = us-west-2
I am having the same issue, it doesn't support sso_session.
Had a quick look at the code and it's currently checking the profile for the sso_start_url property, but doesn't have a branch for profiles using the sso_session property.
A workaround that works for me is to create an additional profile and copy the sso-session fields, e.g.:
[profile silver]
sso_session = my-sso
sso_account_id = 555614872555
sso_role_name = silver-developer
region = us-west-2
output = json
[sso-session my-sso]
sso_start_url = https://my-login-source.awsapps.com/start/
sso_region = us-west-2
[profile silver-ide]
sso_start_url = https://my-login-source.awsapps.com/start/
sso_region = us-west-2
sso_account_id = 555614872555
sso_role_name = silver-developer
region = us-west-2
output = json
We recently ran into this as well, looks like the workaround is to hit enter on the SSO session name (Recommended): prompt, and the CLI will use the old Legacy format.
We will be advising users in the SDK guides to use a default profile as shown in the following sample. But I'm currently getting the same error as the others, but with this error message: java.lang.IllegalArgumentException: Profile 'default' is not using role-based, session-based, process-based, or basic credentials.
[default]
sso_session = my-sso
sso_account_id = 1234567890
sso_role_name = AdministratorAccess
region = us-east-1
output = json
[sso-session my-sso]
sso_start_url = https://blahblah.awsapps.com/start
sso_region = us-east-1
sso_registration_scopes = sso:account:access
Same issue with PyCharm
As a workaround it is sufficient to copy the sso_start_url and sso_region properties from the [sso-session] block into the [profile] block:
[profile my-sso]
sso_session = my-sso
sso_account_id = 1234567890
sso_role_name = AWSAdministratorAccess
region = eu-central-1
output = json
sso_start_url = https://dings-bums.awsapps.com/start
sso_region = eu-central-1
[sso-session my-sso]
sso_start_url = https://dings-bums.awsapps.com/start
sso_region = eu-central-1
sso_registration_scopes = sso:account:access
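The workaround from the comments above, automated as an added example (not part of the thread and not the toolkit's code): it finds every profile that references an sso-session and copies sso_start_url and sso_region into it. The sample config and the function names are constructed for illustration.

```python
import configparser
import io

LEGACY_KEYS = ("sso_start_url", "sso_region")  # fields copied in the workaround

# Constructed sample in the sso-session layout (placeholder values).
SAMPLE = """\
[profile silver]
sso_session = my-sso
sso_account_id = 111122223333
sso_role_name = silver-developer

[sso-session my-sso]
sso_start_url = https://example.awsapps.com/start/
sso_region = us-west-2
"""

def _parse(config_text):
    # "=" is the only delimiter; no interpolation so "%" in values stays literal.
    parser = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    parser.read_string(config_text)
    return parser

def missing_legacy_fields(config_text):
    """Map each profile that uses sso_session to the legacy keys it lacks."""
    parser, result = _parse(config_text), {}
    for section in parser.sections():
        if section.startswith("sso-session ") or "sso_session" not in parser[section]:
            continue
        session = "sso-session " + parser[section]["sso_session"]
        if session not in parser:
            raise KeyError(f"[{section}] references undefined [{session}]")
        missing = {k: parser[session][k] for k in LEGACY_KEYS
                   if k in parser[session] and k not in parser[section]}
        if missing:
            result[section] = missing
    return result

def apply_workaround(config_text):
    """Return config text with the legacy keys copied into each such profile."""
    parser = _parse(config_text)
    for section, fields in missing_legacy_fields(config_text).items():
        parser[section].update(fields)
    out = io.StringIO()
    parser.write(out)
    return out.getvalue()

if __name__ == "__main__":
    print(apply_workaround(SAMPLE))
```

configparser drops comments when it rewrites the file, so write the result to a copy and review it before replacing the original. The copied values are duplicates and must be updated by hand if the sso-session block changes.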
I ran into this issue today. I was able to work around it following the workaround above from @frankwese.
@rli, it's been about a year since AWS introduced SSO sessions. Any estimate on when this will be supported in the toolkit?
Describe the bug
AWS IAM Identity Center (successor to AWS Single Sign-On) introduces a new kind of configuration, sso-session, which can be referenced by a profile. The toolkit does not load the profile when sso_session is used.
To reproduce
aws configure sso
java.lang.IllegalArgumentException: Profile 'test-profile' is not using role-based, session-based, process-based, or basic credentials.
Expected behavior
The toolkit recognizes this type of profile and allows you to use it.
Your Environment