Closed rjacquemin closed 1 year ago
Based on sample .NET code at Single sign-on (SSO) with the AWS SDK for .NET, Generate and use an SSO token programmatically, ClientName property also needs to be set. If using AWS CLI and .NET application, then client name need not be explicitly set.
@rjacquemin Please confirm the following:
default credentials profile is the SSO profile
4.1.164?
Thanks, Ashish
See an example of the aws sso profile config
[profile default]
sso_start_url = https://xxxxx.awsapps.com/start#/
sso_region = us-east-1
sso_account_id = xxxxxxxxxxxx
sso_role_name = xxxxxxxxxxxxx
region = us-east-1
You mentioned the error occurred recently and the logic was working fine earlier. You are asserting that the possible breaking change was introduced in version 4.1.165 which was released a month ago. Is this correct and that you noticed the recurring issue only until recently, and it works fine with version 4.1.164?
yes I can confirm 4.1.164 is working like before
Hi @rjacquemin,
Good afternoon.
If we follow the steps properly, the issue is not reproducible in the latest AWS Tools for PowerShell version. The issue occurs if aws sso login command is not executed before calling Get-CAAuthorizationToken. For testing, I did not use the said Docker image, instead I tested it locally. Here is the screenshot:
Get-CAAuthorizationToken without executing aws sso login. Got the said error reported by you.
aws sso login and approved the login in the web browser.
Get-CAAuthorizationToken. It ran successfully.
Few points to notice:
You are running the Get-CAAuthorizationToken in the said docker image. Do you have AWS CLI installed in the docker image and executed aws sso login in your image?
You may also install AWS.Tools.SecurityToken and execute Get-STSCallerIdentity to verify if you are actually logged in to your SSO profile and caller identity of the credentials.
Thanks, Ashish
This issue has not received a response in 5 days. If you want to keep this issue open, please just leave a comment below and auto-close will be canceled.
You are running the Get-CAAuthorizationToken in the said docker image. Do you have AWS CLI installed in the docker image and executed aws sso login in your image?
Yes, we are installing AWS CLI on the docker image. We are doing sso login on the host machine, then mount the credentials volume on the docker so the docker has access to the sso credentials.
aws sso login
aws codeartifact login --tool dotnet --repository xxxx --domain xxxx --domain-owner xxxxx
docker run --rm -it -v C:\Users\xxxxxx/.aws:/root/.aws:ro mcr.microsoft.com/dotnet/core/sdk:3.1 pwsh
Install-Module -Name AWS.Tools.Installer -Force -MaximumVersion 1.0.2.4
Install-AWSToolsModule AWS.Tools.SSO -CleanUp -Force
Install-AWSToolsModule AWS.Tools.SSOOIDC -CleanUp -Force
Install-AWSToolsModule AWS.Tools.CodeArtifact -CleanUp -Force
Import-Module -Name AWS.Tools.SSO, AWS.Tools.SSOOIDC
Get-CAAuthorizationToken -Region us-east-1 -Domain "xxxxx" -DomainOwner "xxxxx" -Select "AuthorizationToken"
But it was working fine before. As mentioned, the issue started something like a month ago. I was able to repro with version https://www.powershellgallery.com/packages/AWS.Tools.CodeArtifact/4.1.165
You may also install AWS.Tools.SecurityToken and execute Get-STSCallerIdentity to verify if you are actually logged in to your SSO profile and caller identity of the credentials.
will check those maybe can give us more info
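A check that can be run inside the container before calling Get-CAAuthorizationToken, added here as an example (it is not part of the thread and not AWS code): it looks in the mounted ~/.aws/sso/cache for a cached SSO token whose startUrl matches the profile's sso_start_url and reports whether it has expired, without ever printing the token. It assumes the cache layout written by aws sso login (JSON files with startUrl, accessToken and expiresAt fields); the function name Test-SsoTokenCache and the sample values are hypothetical.

```powershell
# Added example: report the state of cached AWS SSO tokens without revealing them.
# Assumption: `aws sso login` writes JSON files under ~/.aws/sso/cache that
# carry startUrl, accessToken and expiresAt fields.
function Test-SsoTokenCache {   # hypothetical helper name
    param(
        [Parameter(Mandatory)] [string] $StartUrl,
        [string] $CacheDir = (Join-Path $HOME '.aws/sso/cache')
    )
    if (-not (Test-Path -LiteralPath $CacheDir)) {
        return [pscustomobject]@{ Status = 'NoCacheDir'; File = $null; ExpiresUtc = $null }
    }
    $now = [datetime]::UtcNow
    foreach ($file in Get-ChildItem -LiteralPath $CacheDir -Filter '*.json' -File) {
        try {
            $entry = Get-Content -LiteralPath $file.FullName -Raw | ConvertFrom-Json
            # Client-registration files have no accessToken; skip them.
            if (-not $entry.accessToken -or $entry.startUrl -ne $StartUrl) { continue }
            $raw = $entry.expiresAt
            # PowerShell 7 may already have parsed an ISO 8601 string into DateTime;
            # older cache files use a trailing "UTC" instead of "Z".
            $expires = if ($raw -is [datetime]) { $raw.ToUniversalTime() } else {
                [datetimeoffset]::Parse(($raw -replace 'UTC$', 'Z'),
                    [cultureinfo]::InvariantCulture).UtcDateTime
            }
        }
        catch { continue }      # unreadable, malformed or undated file
        $status = if ($expires -gt $now) { 'Valid' } else { 'Expired' }
        return [pscustomobject]@{ Status = $status; File = $file.Name; ExpiresUtc = $expires }
    }
    [pscustomobject]@{ Status = 'NoTokenForStartUrl'; File = $null; ExpiresUtc = $null }
}

# Constructed sample cache (placeholder values, not a real token or start URL).
$demo = Join-Path ([IO.Path]::GetTempPath()) "sso-cache-demo-$PID"
New-Item -ItemType Directory -Path $demo -Force | Out-Null
$url = 'https://example.awsapps.com/start'
@{
    startUrl    = $url
    region      = 'us-east-1'
    accessToken = 'PLACEHOLDER'
    expiresAt   = '2020-01-01T00:00:00UTC'
} | ConvertTo-Json | Set-Content -LiteralPath (Join-Path $demo 'constructed-token.json')
Test-SsoTokenCache -StartUrl $url -CacheDir $demo
Remove-Item -LiteralPath $demo -Recurse -Force
```

Inside the container, call it with the sso_start_url value from the mounted profile and no -CacheDir argument.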
If using AWS CLI and .NET application, then client name need not be explicitly set.
what is the ClientName parameter and what should be
checking the official doc https://docs.aws.amazon.com/powershell/latest/reference/items/Get-CAAuthorizationToken.html
we are talking about ClientConfig?
@rjacquemin ClientName is set internally after while successful SSO credentials resolution. It's not related to ClientConfig. I'm still unsure on how you would be able to simply mount the credentials volume in docker and make it work. Were you able to get the result of Get-STSCallerIdentity inside docker image?
Thanks, Ashish
see no problem using 4.1.164
see with latest packages
Describe the bug
Using PowerShell tool for some CI scripts for a while.
Everything was working fine, but suddenly Get-CAAuthorizationToken is showing an error. After some investigation, it looks like a breaking change was introduced in version 4.1.165.
Error message
Expected Behavior
Considering we are logged in with AWS SSO, we should be able to get the Auth Token without problem using AWS PowerShell tool.
It was working before but stopped working lately.
Current Behavior
To facilitate the repro I used docker image
Giving following error
Reproduction Steps
Checking with version 4.1.164 is success
Checking with latest is Failed
Possible Solution
No response
Additional Information/Context
No response
AWS Tools for PowerShell version used
AWS.Tools.Installer 1.0.2.4
AWS.Tools.SSO -CleanUp -Force -MaximumVersion 4.1.164 vs latest
AWS.Tools.SSOOIDC -CleanUp -Force -MaximumVersion 4.1.164 vs latest
AWS.Tools.CodeArtifact -CleanUp -Force -MaximumVersion 4.1.164 vs latest
PowerShell version used
Name                           Value
PSVersion                      7.0.12
PSEdition                      Core
GitCommitId                    7.0.12
OS                             Linux 5.10.102.1-microsoft-standard-WSL2 #1 SMP Wed Mar 2 00:30:59 UTC 2022
Platform                       Unix
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0…}
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1
WSManStackVersion              3.0
Operating System and version
Windows 10