awslabs / aws-sdk-rust

AWS SDK for the Rust Programming Language
https://awslabs.github.io/aws-sdk-rust/
Apache License 2.0
2.99k stars 248 forks

Missing documentation for Single Sign-On (SSO) credentials #920

Open trevorstr opened 11 months ago

trevorstr commented 11 months ago

Describe the issue

We are an AWS partner and require SSO to access AWS via Okta. I am writing a Rust application against AWS APIs, which needs to authenticate via SSO.

There is no documentation on how to use SSO with the Rust SDK.

Using the crate reference, I was able to hack something together that compiles, but panics at runtime.

The AWS CLI works fine with SSO, so I know the credentials work alright. I need to get the Rust SDK working though.

use aws_sdk_s3 as s3;

use s3::Client;

#[tokio::main]
async fn main() {
    // Region for the SSO endpoint; falls back to us-east-1.
    let sso_region = aws_config::meta::region::RegionProviderChain::default_provider().or_else("us-east-1").region().await;
    let sso_creds = aws_config::sso::Builder::new();

    // Build the SSO credentials provider explicitly.
    let sso_prov = sso_creds
        .region(sso_region.unwrap())
        .role_name("AdministratorAccess")
        .start_url("https://zzzzzzzzzz.awsapps.com/start#")
        .account_id("zzzzzzzzz")
        .build();

    // Region for the S3 calls; falls back to us-west-2.
    let target_region = aws_config::meta::region::RegionProviderChain::default_provider().or_else("us-west-2").region().await.unwrap();
    let config_aws = aws_config::ConfigLoader::default().credentials_provider(sso_prov).region(target_region).load().await;

    let s3_client = s3::Client::new(&config_aws);

    let bucket_list = s3_client.list_buckets().send().await;

    // unwrap() panics if the request, including credential resolution, failed.
    for bucket in bucket_list.unwrap().buckets.unwrap() {
        println!("{}", bucket.name.unwrap());
    }
}

The panic shows this error message, indicating that the Rust SDK is looking for an SSO cache file that doesn't even exist on the local filesystem:

ProviderError(ProviderError { source: IoError { err: Os { code: 2, kind: NotFound, message: "No such file or directory" }, path: "/Users/zzzzzzz/.aws/sso/cache/zzzzzzzzzz.json" } }), connection: Unknown } })', src/main.rs:23:31 note: run with RUST_BACKTRACE=1 environment variable to display a backtrace

How do I authenticate to AWS with SSO, using the Rust SDK?

Links

https://docs.aws.amazon.com/sdk-for-rust/latest/dg/credentials.html

jdisanti commented 11 months ago

Unfortunately, what you're trying to do isn't implemented in the current release (see https://github.com/awslabs/aws-sdk-rust/issues/703). I think it should land in a release fairly soon though, as it's just about ready to be merged (https://github.com/awslabs/smithy-rs/pull/2917).