search

aws / aws-toolkit-vscode

Amazon Q, CodeCatalyst, Local Lambda debug, SAM/CFN syntax, ECS Terminal, AWS resources
https://marketplace.visualstudio.com/items?itemName=AmazonWebServices.amazon-q-vscode
Apache License 2.0
1.41k stars 344 forks source link

WSL: Cannot connect: login: failed ... Socket is closed #2616

Open developer202020 opened 2 years ago

developer202020 commented 2 years ago

Desktop (please complete the following information):

Question

Cannot connect to AWS with AWS Toolkit [ERROR]: login: failed to connect with "profile:PROFILE_NAME": Socket is closed

JadenSimon commented 2 years ago

Hey @developer202020

Could you provide more information about your setup and/or more of your logs? Try setting the extension log-level to debug through the settings item aws.logLevel:

Screen Shot 2022-05-04 at 8 30 23 AM

Make sure to omit any potentially sensitive details. Any information about what type of credentials profile you're using (SSO/MFA/credential_process/Some combination) would also be very helpful!

developer202020 commented 2 years ago

Hi JadenSimon,

We use MFA

Step 1 Open AWS Toolkit

Step 2 Select "Connect to AWS..."

Step 3 "Select a credentials profile" (we select NAME4 - see the config below) image

Step 4 Enter code for MFA device image

Step 5 View logs image

config file [default] region = REGION output = text

[profile NAME2] role_arn=arn:aws:iam::YYYYY:role/ROLE_NAME output = text region = REGION s3 = signature_version = s3v4

[profile NAME4] role_arn=arn:aws:iam::YYYYY:role/ROLE_NAME source_profile=NAME2 region = REGION mfa_serial=arn:aws:iam::XXXXXX:mfa/USER_NAME

[profile NAME5] role_arn=arn:aws:iam::YYYYY:role/ROLE_NAME source_profile=NAME2 region = REGION mfa_serial=arn:aws:iam::XXXXXX:mfa/USER_NAME

credentials file [NAME1] aws_access_key_id=XXXXX aws_secret_access_key=XXXXX aws_mfa_device=arn:aws:iam::XXXXX:mfa/USER_NAME

[NAME2] assumed_role=False aws_access_key_id = XXXXX aws_secret_access_key = XXXXX aws_session_token = XXXXX

[default] aws_access_key_id=XXXXX aws_secret_access_key=XXXXX aws_session_token=XXXXX

image image

justinmk3 commented 2 years ago

"Select a credentials profile" (we select NAME4 - see the config below)

Does the NAME4 profile work with other tools, e.g. aws cli?

aws --profile NAME4 s3 ls
developer202020 commented 2 years ago

image

developer202020 commented 2 years ago

We removed aws_session_token = from the credentials file and run aws --profile NAME4 s3 ls image

JadenSimon commented 2 years ago

Are the NAME2 credentials being generated? I only ask because I have not seen assumed_role=False before. The Socket is closed message could be due to WSL2 but I'm not sure. Does NAME2 need an MFA code too or just NAME4?

developer202020 commented 2 years ago

NAME4 will need an MFA code, yes USER_NAME - IAM user name

developer202020 commented 2 years ago

When we select NAME2 from the list of profiles (see Step 3 above) image

justinmk3 commented 2 years ago

If it doesn't work with aws cli (which is more forgiving that AWS SDK) then it's very unlikely to work with AWS Toolkit.

I couldn't find any WSL related issues on https://github.com/aws/aws-cli . But it may be worth raising an issue there.

JadenSimon commented 2 years ago

Looks like the exact error code is NetworkingError. Are you using a proxy? That may cause problems (this seems to be a good reference https://code.visualstudio.com/docs/remote/wsl#_im-behind-a-proxy-and-have-connectivity-issues)

justinmk3 commented 2 years ago

for WSL + VPN + Cisco, see also https://github.com/aws/aws-toolkit-vscode/issues/1327#issuecomment-724120566