Open johnowens00 opened 1 year ago
I'm running into the same issue. I hadn't run aws-sso-util configure populate
in a long time, and things had been working. After running it again, I started getting errors when trying to run commands like cdk bootstrap
and cdk deploy
.
Deployment failed: Error: Need to perform AWS calls for account 123456789012, but no credentials have been configured
at SdkProvider.forEnvironment (/Users/bilalq/zoya/code/prototype/node_modules/aws-cdk/lib/index.js:391:13075)
at async Deployments.cachedSdkForEnvironment (/Users/bilalq/zoya/code/prototype/node_modules/aws-cdk/lib/index.js:431:12580)
at async Deployments.prepareSdkFor (/Users/bilalq/zoya/code/prototype/node_modules/aws-cdk/lib/index.js:431:8146)
at async Deployments.isSingleAssetPublished (/Users/bilalq/zoya/code/prototype/node_modules/aws-cdk/lib/index.js:431:11799)
at async /Users/bilalq/zoya/code/prototype/node_modules/aws-cdk/lib/index.js:431:166809
Need to perform AWS calls for account 123456789012, but no credentials have been configured
Not entirely sure if this is a bug in CDK or aws-sso-util, but like @johnowens00 mentioned, removing the credential_process
line fixes it for me.
I'm skeptical this is a problem with aws-sso-util, the credential process is compliant with the spec. The JS SDK v2 has slowly been fixing its Identity Center support, I wouldn't be surprised if it also has credential process problems, but this is the first I've heard of it. When you generate profiles, you can use --no-credential-process
to suppress the credential_process
line. At some point I will create a new major version that omits it by default.
Let me know if it is still happen and I will try to figure out what the SDK's problem is.
When trying to use VSCode w/ AWS CDK an error happens saying that the credential_provider could not be found. I confirmed in my .aws/config file there's a profile with a credential_provider line. Opened ticket w/ AWS Support and they suggested it's an issue with aws-sso-util.
Error message from VSCode:
2023-02-02 14:57:33 [ERROR]: _aws.auth.reauthenticate: Error: Unable to authenticate connection -> CredentialsProviderError: Profile aws.account.2.AdministratorAccess did not contain credential_process.
snipped from .aws/config
[profile aws.account.2] region = us-east-1 aws_session_expiration = 2023-01-20T02:02:25 sso_start_url = redacted sso_region = us-east-1 sso_account_name = aws-account.2 sso_account_id = redacted sso_role_name = Administrator.Access credential_process = aws-sso-util credential-process --debug --profile aws.account.2.AdministratorAccess sso_auto_populated = true
It's worthy to note that if I delete the credential_process line it will log in but not auto-refresh credentials. Nothing in the debug file shows warnings or errors for anything attempted. I'm not attaching the debug log as it contains token info.