search

benkehoe / aws-sso-util

Smooth out the rough edges of AWS SSO (temporarily, until AWS makes it better).
Apache License 2.0
932 stars 70 forks source link

VSCode/AWS CDK Error with credential_provider. #89

Open johnowens00 opened 1 year ago

johnowens00 commented 1 year ago

When trying to use VSCode w/ AWS CDK an error happens saying that the credential_provider could not be found. I confirmed in my .aws/config file there's a profile with a credential_provider line. Opened ticket w/ AWS Support and they suggested it's an issue with aws-sso-util.

Error message from VSCode:

2023-02-02 14:57:33 [ERROR]: _aws.auth.reauthenticate: Error: Unable to authenticate connection -> CredentialsProviderError: Profile aws.account.2.AdministratorAccess did not contain credential_process.

snipped from .aws/config

[profile aws.account.2] region = us-east-1 aws_session_expiration = 2023-01-20T02:02:25 sso_start_url = redacted sso_region = us-east-1 sso_account_name = aws-account.2 sso_account_id = redacted sso_role_name = Administrator.Access credential_process = aws-sso-util credential-process --debug --profile aws.account.2.AdministratorAccess sso_auto_populated = true

It's worthy to note that if I delete the credential_process line it will log in but not auto-refresh credentials. Nothing in the debug file shows warnings or errors for anything attempted. I'm not attaching the debug log as it contains token info.

bilalq commented 5 months ago

I'm running into the same issue. I hadn't run aws-sso-util configure populate in a long time, and things had been working. After running it again, I started getting errors when trying to run commands like cdk bootstrap and cdk deploy.

Deployment failed: Error: Need to perform AWS calls for account 123456789012, but no credentials have been configured
    at SdkProvider.forEnvironment (/Users/bilalq/zoya/code/prototype/node_modules/aws-cdk/lib/index.js:391:13075)
    at async Deployments.cachedSdkForEnvironment (/Users/bilalq/zoya/code/prototype/node_modules/aws-cdk/lib/index.js:431:12580)
    at async Deployments.prepareSdkFor (/Users/bilalq/zoya/code/prototype/node_modules/aws-cdk/lib/index.js:431:8146)
    at async Deployments.isSingleAssetPublished (/Users/bilalq/zoya/code/prototype/node_modules/aws-cdk/lib/index.js:431:11799)
    at async /Users/bilalq/zoya/code/prototype/node_modules/aws-cdk/lib/index.js:431:166809

Need to perform AWS calls for account 123456789012, but no credentials have been configured

Not entirely sure if this is a bug in CDK or aws-sso-util, but like @johnowens00 mentioned, removing the credential_process line fixes it for me.

benkehoe commented 1 month ago

I'm skeptical this is a problem with aws-sso-util, the credential process is compliant with the spec. The JS SDK v2 has slowly been fixing its Identity Center support, I wouldn't be surprised if it also has credential process problems, but this is the first I've heard of it. When you generate profiles, you can use --no-credential-process to suppress the credential_process line. At some point I will create a new major version that omits it by default.

Let me know if it is still happen and I will try to figure out what the SDK's problem is.