ChrisPates
commented
1 year ago Has you aws SSO access token expired?
It’s the most likely reason for a working deployment stopping working.
Chris
On 2 Nov 2023, at 18:57, danielnovello-pf @.***> wrote:
401 error getting AWS groups
All of a sudden, the Lamda function does not work. Its able to retrieve the Google groups, but fails when attempting to get the AWS groups.
To Reproduce Steps to reproduce the behavior:
- Create Function URL to run on-demand
- Ran function and watch CloudWatch logs
- Removed function and CloudWatch log group
- Re-deployed function (successfully)
- Ran function and watch CloudWatch logs - Failed with same error
Expected behaviour Once the function retrieves the Google groups, it's suppose to get the AWS groups and perform a diff. Then update/modify the AWS groups
Additional context
We have added more policies to allow access to AWS SSO and organizations (Users groups) The version we are using is v1.1.0 https://github.com/awslabs/ssosync/releases/tag/v1.1.0 Attempts to use anything never fail
CloudWatch Logs:
...."collects all google groups..." { "group": "AWS Roles - Redacted", "id": "Redacted", "level": "debug", "msg": "get user", "time": "2023-11-02T18:33:57Z" } { "level": "info", "msg": "get existing aws groups", "time": "2023-11-02T18:33:57Z" } { "level": "error", "msg": "error getting aws groups", "time": "2023-11-02T18:33:57Z" } status of http response was 401: errorString null
— Reply to this email directly, view it on GitHub https://github.com/awslabs/ssosync/issues/155 , or unsubscribe https://github.com/notifications/unsubscribe-auth/ABVULYLGIGJMJKRP3A2L6ETYCPUILAVCNFSM6AAAAAA63LVLQ2VHI2DSMVQWIX3LMV43ASLTON2WKOZRHE3TIOBWHAYDSOI . You are receiving this because you are subscribed to this thread. https://github.com/notifications/beacon/ABVULYINH3HEHMJS3FAGIQLYCPUILA5CNFSM6AAAAAA63LVLQ2WGG33NNVSW45C7OR4XAZNFJFZXG5LFVJRW63LNMVXHIX3JMTHHLNQYQM.gif Message ID: @.***>
danielnovello-pf
401 error getting AWS groups
All of a sudden, the Lamda function does not work. Its able to retrieve the Google groups, but fails when attempting to get the AWS groups.
To Reproduce Steps to reproduce the behavior:
Expected behaviour Once the function retrieves the Google groups, it's suppose to get the AWS groups and perform a diff. Then update/modify the AWS groups
Additional context
We have added more policies to allow access to AWS SSO and organizations (Users groups) The version we are using is v1.1.0 Attempts to use anything never fail
CloudWatch Logs:
...."collects all google groups..."{ "group": "AWS Roles - Redacted", "id": "Redacted", "level": "debug", "msg": "get user", "time": "2023-11-02T18:33:57Z" }{ "level": "info", "msg": "get existing aws groups", "time": "2023-11-02T18:33:57Z" }{ "level": "error", "msg": "error getting aws groups", "time": "2023-11-02T18:33:57Z" }status of http response was 401: errorString null