cevoaustralia / aws-google-auth

Provides AWS STS credentials based on Google Apps SAML SSO auth (what a jumble!)
MIT License

--resolve-aliases toggle doesn't work for all aws accounts #159

Open ashishmohite opened 4 years ago

ashishmohite commented 4 years ago

I have access to 5 AWS accounts through Google SSO, but when I run aws-google-auth -d 7200 --resolve-aliases it shows me the aliases for two accounts only, even though I have aliases set for all the accounts.

DV8FromTheWorld commented 4 years ago

I am seeing this as well. We have 8 accounts and 2 of them are not showing their aliases.

Solvik commented 4 years ago

Your user must have IAM permissions iam:Get* and iam:List* to be able to resolve the account aliases

ashishmohite commented 4 years ago

@Solvik all my users have Admin access so that shouldn't be an issue in my case

stevemac007 commented 4 years ago

Is there anything in your CloudTrail logs that explains why these are denied? It could also be something weird being returned - the Alias resolving code does eat an exception when processing the identities.

If you can login with one of the ones that do not show and use the AWS CLI to show the aliases, what does it show?

e.g.

$ aws iam list-account-aliases
{
    "AccountAliases": [
        "cevo-dev"
    ]
}
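A diagnostic version of the alias lookup, as an added example that is not the project's own code: it records, per account, why an alias could not be resolved (no alias set, or an IAM error such as AccessDenied) instead of eating the exception, so the role picker can fall back to the account id and the user can see the reason. boto3_client_factory is an assumption about how the real lookup would be wired (STS assume_role_with_saml, then IAM list_account_aliases); FakeIam and the three account ARNs are constructed so the demo runs offline.

```python
from dataclasses import dataclass
from typing import Callable, List, Optional

@dataclass
class AliasResult:
    role_arn: str
    account_id: str
    alias: Optional[str]  # resolved alias, or None (the picker then falls back to account_id)
    error: Optional[str]  # why resolution failed, kept visible instead of silently eaten

def resolve_aliases(role_arns, iam_client_for_role: Callable[[str], object]) -> List[AliasResult]:
    """Resolve every account's alias; a failure is recorded per role, never dropped."""
    results = []
    for arn in role_arns:
        account_id = arn.split(":")[4]  # arn:aws:iam::123456789012:role/Name -> 123456789012
        try:
            aliases = iam_client_for_role(arn).list_account_aliases().get("AccountAliases", [])
            results.append(AliasResult(arn, account_id, aliases[0] if aliases else None,
                                       None if aliases else "no alias set"))
        except Exception as exc:  # with boto3: botocore.exceptions.ClientError, e.g. AccessDenied
            results.append(AliasResult(arn, account_id, None, f"{type(exc).__name__}: {exc}"))
    return results

def boto3_client_factory(principal_arn: str, saml_assertion: str) -> Callable[[str], object]:
    """Assumed real wiring (needs boto3 and network): assume the role via SAML, then build an IAM client."""
    import boto3
    def factory(role_arn: str):
        creds = boto3.client("sts").assume_role_with_saml(
            RoleArn=role_arn, PrincipalArn=principal_arn, SAMLAssertion=saml_assertion)["Credentials"]
        return boto3.client("iam", aws_access_key_id=creds["AccessKeyId"],
                            aws_secret_access_key=creds["SecretAccessKey"],
                            aws_session_token=creds["SessionToken"])
    return factory

class FakeIam:  # constructed stand-in for the IAM client so the demo runs offline
    def __init__(self, aliases=None, error=None):
        self.aliases, self.error = aliases or [], error
    def list_account_aliases(self):
        if self.error:
            raise PermissionError(self.error)
        return {"AccountAliases": self.aliases}

FAKE_CLIENTS = {  # constructed accounts: one aliased, one without an alias, one denied
    "arn:aws:iam::111111111111:role/Admin": FakeIam(["cevo-dev"]),
    "arn:aws:iam::222222222222:role/Admin": FakeIam(),
    "arn:aws:iam::333333333333:role/Admin": FakeIam(error="AccessDenied on iam:ListAccountAliases"),
}

def demo() -> List[AliasResult]:
    return resolve_aliases(FAKE_CLIENTS, lambda arn: FAKE_CLIENTS[arn])
```

Running demo() yields one entry per account; the two accounts the original tool would show without an alias now carry a readable error string next to the bare account id.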

axelpavageau commented 4 years ago

Same issue for me. I have 40+ accounts and about 10 of them show without aliases. I just checked one of those and I get the expected result:

{
    "AccountAliases": [
        "my-account-alias"
    ]
}

Also, those aliases show properly on AWS's SAML login page.