Open ianjukes opened 1 year ago
Me either, I am using m1 and cannot see any profiles that use the SSO or assume role. All the SSO profiles are linked to a single sso session. For example,
[profile test]
external_id=1d88xxxx
role_arn=arn:aws:iam::3604xxxx:role/xxxx
role_session_name=test
source_profile=dev
region=ap-northeast-2
[profile dev]
sso_session=common
sso_account_id=2160xxxx
sso_role_name=AdministratorAccess
region=ap-northeast-2
output=json
[default]
sso_session=common
sso_account_id=3701xxxx
sso_role_name=AdministratorAccess
region=ap-northeast-2
output=json
[sso-session common]
sso_start_url=https://xxxx.awsapps.com/start
sso_region=ap-northeast-2
sso_registration_scopes=sso:account:access
and I cannot see all of them. In this case, VSCode is the same.
The problem seems to be specifically with profiles that use the refreshable configuration, and not with those that use the legacy configuration. With other tools I've come across, updating the SDK has helped with this; I'm not familiar enough with the Java SDK to verify this here.
I can offer a workaround though:
$ cat ~/.aws/config
[profile foo-legacy]
credential_process=aws configure export-credentials --profile=foo
[profile foo]
sso_session = default
sso_account_id = 123456789012
sso_role_name = bar
[sso-session default]
sso_start_url = https://foo.awsapps.com/start
sso_region = eu-west-2
sso_registration_scopes = sso:account:access
I'm getting this error when changing the config file with your suggestion:
Unable to connect to AWS: Failed to execute credential_process (aws): sh: aws: command not found
Any ideas @mjrlee? 🙏
@aragalie do you have the AWS CLI installed and on your path? It might help to use the full path to aws (defaults to /usr/bin/aws)
You can find where aws is installed (if it is) with:
which aws
Yes, it is @mjrlee. Probably I'll wait then until the team pushes an update to the plugin to properly handle SSO profiles.
I've tried to connect with a similar configuration - when you remove the [sso-session common] as a separate configuration and add the sso info to each profile - it works
my guess is that the plugin doesn't support [sso-session] yet
similar to this issue: https://github.com/aws/aws-toolkit-jetbrains/issues/3411
there is a pr related to this issue: https://github.com/aws/aws-toolkit-jetbrains/pull/3672
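The change described in the comment above (dropping the separate [sso-session] block and putting the SSO settings on each profile) can be scripted. This is an added example, not code from the thread or the toolkit; the function name, account ID and start URL are constructed, and it should be run against a copy of ~/.aws/config.

```python
import configparser
import io

SESSION_PREFIX = "sso-session "
# Settings the legacy SSO profile format expects on the profile itself.
LEGACY_KEYS = ("sso_start_url", "sso_region")


def inline_sso_sessions(config_text):
    """Rewrite AWS config text so no profile depends on an [sso-session] block."""
    src = configparser.RawConfigParser()  # Raw: no '%' interpolation of values
    src.read_string(config_text)
    sessions = {n[len(SESSION_PREFIX):].strip(): src[n]
                for n in src.sections() if n.startswith(SESSION_PREFIX)}
    out = configparser.RawConfigParser()
    for name in src.sections():
        if name.startswith(SESSION_PREFIX):
            continue  # dropped; its values are copied into each profile below
        out.add_section(name)
        ref = src[name].get("sso_session")
        if ref is not None:
            if ref not in sessions:
                raise ValueError(f"[{name}] references unknown sso-session {ref!r}")
            for key in LEGACY_KEYS:
                # A value already set on the profile wins over the session's.
                value = src[name].get(key, sessions[ref].get(key))
                if value is None:
                    raise ValueError(f"sso-session {ref!r} has no {key}")
                out.set(name, key, value)
        for key, value in src[name].items():
            if key != "sso_session" and not out.has_option(name, key):
                out.set(name, key, value)
    buf = io.StringIO()
    out.write(buf)
    return buf.getvalue()

# Constructed sample: placeholder account ID, role name and start URL.
SAMPLE = """\
[profile dev]
sso_session = common
sso_account_id = 111111111111
sso_role_name = ExampleRole
region = ap-northeast-2

[sso-session common]
sso_start_url = https://example.awsapps.com/start
sso_region = ap-northeast-2
sso_registration_scopes = sso:account:access
"""
```

The session-only setting sso_registration_scopes is dropped along with the [sso-session] block, and profiles that do not reference a session (such as an assume-role profile using source_profile) pass through unchanged.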
Tried both of the suggested tweaks here on my M2 (SSO within the profile definition and creating legacy versions) but Rider seems to just use the default profile regardless of my profile choice in the UI.
I have the following configuration in my ~/.aws/config file (anonymized for security), but when I switch profiles in the IntelliJ interface, it always shows the resources from the default profile, even though the UI shows the correct profile name.
Important things to note:
aws s3 ls --profile account1 shows the correct S3 buckets
Toolkit: AWS Toolkit For JetBrains 1.61-223
OS: Mac OS X 13.2.1
IDE: IntelliJ IDEA Ultimate Edition 223