CLI does not work in codespaces/devcontainers

[mwisnicki]

Problem

Steps to reproduce the issue

1. Build codespaces with following devcontainer.json:

   {
   "image": "mcr.microsoft.com/devcontainers/universal:2",
   "features": {
   "ghcr.io/devcontainers/features/aws-cli:1": {}
   }
   }

2. Install this extension
3. Login with SSO
4. Make sure you are logged in with SSO account and can access resources in UI
5. Open terminal
6. Execute any cli command such as aws sts get-caller-identity

$ aws sts get-caller-identity

<botocore.awsrequest.AWSRequest object at 0x761e4f599990>

Expected behavior

CLI works

System details (run AWS: About and/or Amazon Q: About)

• OS: Linux x64 6.5.0-1022-azure
• Visual Studio Code extension host: 1.92.0
• AWS Toolkit: 3.18.0
• node: 20.14.0
• CLI: aws-cli/2.17.21 Python/3.11.9 Linux/6.5.0-1022-azure exe/x86_64.ubuntu.20
• Amazon Q version: none

Additional information

$ find ~/.aws/ -type f
/home/codespace/.aws/sso/cache/4f6463411d78d100143509e568db965f1b94bc39.json
/home/codespace/.aws/sso/cache/aws-toolkit-vscode-client-id-us-east-1-1f38e0f8ee2c5a17b5a7e476ce8539fcaf57f036212f75c5b66e04055f1d4f83.json

$ aws sts get-caller-identity --debug
2024-08-02 00:58:19,412 - MainThread - awscli.clidriver - DEBUG - CLI version: aws-cli/2.17.21 Python/3.11.9 Linux/6.5.0-1022-azure exe/x86_64.ubuntu.20
2024-08-02 00:58:19,412 - MainThread - awscli.clidriver - DEBUG - Arguments entered to CLI: ['sts', 'get-caller-identity', '--debug']
2024-08-02 00:58:19,425 - MainThread - botocore.hooks - DEBUG - Event building-command-table.main: calling handler <function add_s3 at 0x771afae21260>
2024-08-02 00:58:19,426 - MainThread - botocore.hooks - DEBUG - Event building-command-table.main: calling handler <function add_ddb at 0x771afb038c20>
2024-08-02 00:58:19,426 - MainThread - botocore.hooks - DEBUG - Event building-command-table.main: calling handler <bound method BasicCommand.add_command of <class 'awscli.customizations.configure.configure.ConfigureCommand'>>
2024-08-02 00:58:19,426 - MainThread - botocore.hooks - DEBUG - Event building-command-table.main: calling handler <function change_name at 0x771afafb6980>
2024-08-02 00:58:19,426 - MainThread - botocore.hooks - DEBUG - Event building-command-table.main: calling handler <function change_name at 0x771afafd8040>
2024-08-02 00:58:19,426 - MainThread - botocore.hooks - DEBUG - Event building-command-table.main: calling handler <function alias_opsworks_cm at 0x771afae23c40>
2024-08-02 00:58:19,426 - MainThread - botocore.hooks - DEBUG - Event building-command-table.main: calling handler <function add_history_commands at 0x771afb0874c0>
2024-08-02 00:58:19,426 - MainThread - botocore.hooks - DEBUG - Event building-command-table.main: calling handler <bound method BasicCommand.add_command of <class 'awscli.customizations.devcommands.CLIDevCommand'>>
2024-08-02 00:58:19,426 - MainThread - botocore.hooks - DEBUG - Event building-command-table.main: calling handler <function add_waiters at 0x771afae23b00>
2024-08-02 00:58:19,426 - MainThread - botocore.hooks - DEBUG - Event building-command-table.main: calling handler <bound method AliasSubCommandInjector.on_building_command_table of <awscli.alias.AliasSubCommandInjector object at 0x771afad0e310>>
2024-08-02 00:58:19,426 - MainThread - botocore.loaders - DEBUG - Loading JSON file: /usr/local/aws-cli/v2/2.17.21/dist/awscli/data/cli.json
2024-08-02 00:58:19,428 - MainThread - botocore.hooks - DEBUG - Event top-level-args-parsed: calling handler <function resolve_types at 0x771afaf5cfe0>
2024-08-02 00:58:19,428 - MainThread - botocore.hooks - DEBUG - Event top-level-args-parsed: calling handler <function no_sign_request at 0x771afaf5d300>
2024-08-02 00:58:19,428 - MainThread - botocore.hooks - DEBUG - Event top-level-args-parsed: calling handler <function resolve_verify_ssl at 0x771afaf5d260>
2024-08-02 00:58:19,428 - MainThread - botocore.hooks - DEBUG - Event top-level-args-parsed: calling handler <function resolve_cli_read_timeout at 0x771afaf5d440>
2024-08-02 00:58:19,428 - MainThread - botocore.hooks - DEBUG - Event top-level-args-parsed: calling handler <function resolve_cli_connect_timeout at 0x771afaf5d3a0>
2024-08-02 00:58:19,429 - MainThread - botocore.hooks - DEBUG - Event top-level-args-parsed: calling handler <built-in method update of dict object at 0x771afad03440>
2024-08-02 00:58:19,429 - MainThread - awscli.clidriver - DEBUG - CLI version: aws-cli/2.17.21 Python/3.11.9 Linux/6.5.0-1022-azure exe/x86_64.ubuntu.20
2024-08-02 00:58:19,429 - MainThread - awscli.clidriver - DEBUG - Arguments entered to CLI: ['sts', 'get-caller-identity', '--debug']
2024-08-02 00:58:19,429 - MainThread - botocore.hooks - DEBUG - Event session-initialized: calling handler <function add_timestamp_parser at 0x771afae21b20>
2024-08-02 00:58:19,429 - MainThread - botocore.hooks - DEBUG - Event session-initialized: calling handler <function register_uri_param_handler at 0x771afb418040>
2024-08-02 00:58:19,429 - MainThread - botocore.hooks - DEBUG - Event session-initialized: calling handler <function add_binary_formatter at 0x771afaccc720>
2024-08-02 00:58:19,430 - MainThread - botocore.hooks - DEBUG - Event session-initialized: calling handler <function no_pager_handler at 0x771afb50e7a0>
2024-08-02 00:58:19,430 - MainThread - botocore.hooks - DEBUG - Event session-initialized: calling handler <function inject_assume_role_provider_cache at 0x771afb41b920>
2024-08-02 00:58:19,431 - MainThread - botocore.utils - DEBUG - IMDS ENDPOINT: http://169.254.169.254/
2024-08-02 00:58:19,432 - MainThread - botocore.hooks - DEBUG - Event session-initialized: calling handler <function attach_history_handler at 0x771afb077e20>
2024-08-02 00:58:19,432 - MainThread - botocore.hooks - DEBUG - Event session-initialized: calling handler <function inject_json_file_cache at 0x771afb03cea0>
2024-08-02 00:58:19,446 - MainThread - botocore.loaders - DEBUG - Loading JSON file: /usr/local/aws-cli/v2/2.17.21/dist/awscli/botocore/data/sts/2011-06-15/service-2.json
2024-08-02 00:58:19,448 - MainThread - botocore.hooks - DEBUG - Event building-command-table.sts: calling handler <function add_waiters at 0x771afae23b00>
2024-08-02 00:58:19,463 - MainThread - botocore.hooks - DEBUG - Event building-command-table.sts: calling handler <bound method AliasSubCommandInjector.on_building_command_table of <awscli.alias.AliasSubCommandInjector object at 0x771afad0e310>>
2024-08-02 00:58:19,463 - MainThread - awscli.clidriver - DEBUG - OrderedDict()
2024-08-02 00:58:19,464 - MainThread - botocore.hooks - DEBUG - Event building-argument-table.sts.get-caller-identity: calling handler <function add_streaming_output_arg at 0x771afae22020>
2024-08-02 00:58:19,464 - MainThread - botocore.hooks - DEBUG - Event building-argument-table.sts.get-caller-identity: calling handler <function add_cli_input_json at 0x771afb4442c0>
2024-08-02 00:58:19,464 - MainThread - botocore.hooks - DEBUG - Event building-argument-table.sts.get-caller-identity: calling handler <function add_cli_input_yaml at 0x771afb444360>
2024-08-02 00:58:19,464 - MainThread - botocore.hooks - DEBUG - Event building-argument-table.sts.get-caller-identity: calling handler <function unify_paging_params at 0x771afb039260>
2024-08-02 00:58:19,478 - MainThread - botocore.loaders - DEBUG - Loading JSON file: /usr/local/aws-cli/v2/2.17.21/dist/awscli/botocore/data/sts/2011-06-15/paginators-1.json
2024-08-02 00:58:19,478 - MainThread - botocore.hooks - DEBUG - Event building-argument-table.sts.get-caller-identity: calling handler <function add_generate_skeleton at 0x771afaf337e0>
2024-08-02 00:58:19,479 - MainThread - botocore.hooks - DEBUG - Event before-building-argument-table-parser.sts.get-caller-identity: calling handler <bound method OverrideRequiredArgsArgument.override_required_args of <awscli.customizations.cliinput.CliInputJSONArgument object at 0x771afad9b350>>
2024-08-02 00:58:19,479 - MainThread - botocore.hooks - DEBUG - Event before-building-argument-table-parser.sts.get-caller-identity: calling handler <bound method OverrideRequiredArgsArgument.override_required_args of <awscli.customizations.cliinput.CliInputYAMLArgument object at 0x771afad9b8d0>>
2024-08-02 00:58:19,479 - MainThread - botocore.hooks - DEBUG - Event before-building-argument-table-parser.sts.get-caller-identity: calling handler <bound method GenerateCliSkeletonArgument.override_required_args of <awscli.customizations.generatecliskeleton.GenerateCliSkeletonArgument object at 0x771afada96d0>>
2024-08-02 00:58:19,479 - MainThread - botocore.hooks - DEBUG - Event building-command-table.sts_get-caller-identity: calling handler <function add_waiters at 0x771afae23b00>
2024-08-02 00:58:19,479 - MainThread - botocore.hooks - DEBUG - Event building-command-table.sts_get-caller-identity: calling handler <bound method AliasSubCommandInjector.on_building_command_table of <awscli.alias.AliasSubCommandInjector object at 0x771afad0e310>>
2024-08-02 00:58:19,479 - MainThread - botocore.hooks - DEBUG - Event load-cli-arg.sts.get-caller-identity.cli-input-json: calling handler <awscli.paramfile.URIArgumentHandler object at 0x771afad10050>
2024-08-02 00:58:19,479 - MainThread - botocore.hooks - DEBUG - Event load-cli-arg.sts.get-caller-identity.cli-input-yaml: calling handler <awscli.paramfile.URIArgumentHandler object at 0x771afad10050>
2024-08-02 00:58:19,480 - MainThread - botocore.hooks - DEBUG - Event load-cli-arg.sts.get-caller-identity.generate-cli-skeleton: calling handler <awscli.paramfile.URIArgumentHandler object at 0x771afad10050>
2024-08-02 00:58:19,480 - MainThread - botocore.hooks - DEBUG - Event calling-command.sts.get-caller-identity: calling handler <bound method CliInputArgument.add_to_call_parameters of <awscli.customizations.cliinput.CliInputJSONArgument object at 0x771afad9b350>>
2024-08-02 00:58:19,480 - MainThread - botocore.hooks - DEBUG - Event calling-command.sts.get-caller-identity: calling handler <bound method CliInputArgument.add_to_call_parameters of <awscli.customizations.cliinput.CliInputYAMLArgument object at 0x771afad9b8d0>>
2024-08-02 00:58:19,480 - MainThread - botocore.hooks - DEBUG - Event calling-command.sts.get-caller-identity: calling handler <bound method GenerateCliSkeletonArgument.generate_skeleton of <awscli.customizations.generatecliskeleton.GenerateCliSkeletonArgument object at 0x771afada96d0>>
2024-08-02 00:58:19,480 - MainThread - botocore.utils - DEBUG - IMDS ENDPOINT: http://169.254.169.254/
2024-08-02 00:58:19,481 - MainThread - urllib3.connectionpool - DEBUG - Starting new HTTP connection (1): 169.254.169.254:80
2024-08-02 00:58:19,504 - MainThread - urllib3.connectionpool - DEBUG - http://169.254.169.254:80 "PUT /latest/api/token HTTP/1.1" 400 322
2024-08-02 00:58:19,504 - MainThread - awscli.clidriver - DEBUG - Exception caught in main()
Traceback (most recent call last):
  File "awscli/clidriver.py", line 499, in main
  File "awscli/clidriver.py", line 634, in __call__
  File "awscli/clidriver.py", line 837, in __call__
  File "awscli/clidriver.py", line 959, in invoke
  File "awscli/botocore/session.py", line 825, in create_client
  File "awscli/botocore/session.py", line 890, in _resolve_region_name
  File "awscli/botocore/session.py", line 265, in get_config_variable
  File "awscli/botocore/configprovider.py", line 350, in get_config_variable
  File "awscli/botocore/configprovider.py", line 468, in provide
  File "awscli/utils.py", line 115, in provide
  File "awscli/utils.py", line 120, in _get_instance_metadata_region
  File "awscli/utils.py", line 171, in retrieve_region
  File "awscli/utils.py", line 180, in _get_region
  File "awscli/botocore/utils.py", line 392, in _fetch_metadata_token
botocore.utils.BadIMDSRequestError: <botocore.awsrequest.AWSRequest object at 0x771afb41c210>

<botocore.awsrequest.AWSRequest object at 0x771afb41c210>

[mwisnicki]

$ env AWS_EC2_METADATA_DISABLED=true aws sts get-caller-identity

Unable to locate credentials. You can configure credentials by running "aws configure".

Is this extension supposed to configure aws-cli when logged in through UI?

[justinmk3]

Is this extension supposed to configure aws-cli when logged in through UI?

Currently not implemented. See https://github.com/aws/aws-toolkit-vscode/issues/1351