common-fate / granted

The easiest way to access your cloud.
https://granted.dev
MIT License

Issue with credential_process in combination with source_profile #487

Closed smelchior closed 11 months ago

smelchior commented 11 months ago

First thanks for implementing https://github.com/common-fate/granted/issues/371 that really made my life easier!

Now I still have a small problem with some of my roles, which look like this in the credentials config:

[foo-base]
aws_access_key_id     = XX
aws_secret_access_key = XX
[foo-prod]
role_arn       = arn:aws:iam::XXX:role/YYY
source_profile = foo-base
mfa_serial     = arn:aws:iam::XXX:mfa/XXX

This works perfectly, but when I import the credentials into granted and the config looks like this:

[profile foo-base]
region             = eu-central-1
duration_seconds   = 43200
credential_process = granted credential-process --profile=foo-base

credentials:

[foo-prod]
role_arn       = arn:aws:iam::XXX:role/YYY
source_profile = foo-base
mfa_serial     = arn:aws:iam::XXX:mfa/XXX

This gives me:

assume foo-prod
[✘] failed to load assume role arn:aws:iam::XXX:role/YYY, of profile foo-base, failed to get shared config profile, foo-base

I found this issue for the aws-cli https://github.com/aws/aws-cli/issues/3624 which was fixed with a patch in boto, but I am not sure if a similar thing might be needed here.

Eddie023 commented 11 months ago

Hi, @smelchior Thanks for raising this with a detailed example. I will look into this and get back to you.

clark42 commented 11 months ago

Hi @smelchior

I'm not sure if my solution will fix your issue, but I think you put your foo-prod config in the credentials file and/or used the "credentials" format. Maybe it will not change anything, but you should try to put your [foo-prod] settings in the .aws/config file and use the correct format, like for your foo-base profile.

.aws/config

[profile foo-base]
region             = eu-central-1
duration_seconds   = 43200
credential_process = granted credential-process --profile=foo-base

[profile foo-prod]
role_arn       = arn:aws:iam::XXX:role/YYY
source_profile = foo-base
mfa_serial     = arn:aws:iam::XXX:mfa/XXX

.aws/credentials (or import in granted)

[foo-base]
aws_access_key_id     = XX
aws_secret_access_key = XX
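A small resolver that models the profile chaining discussed in this thread. It is an added example, not code from granted or the AWS SDKs: it normalises the two section-name conventions ("[profile NAME]" in the config file, "[NAME]" in the credentials file), follows source_profile links, and reports a missing source profile with the same wording as the error quoted above. Every ARN and key value is a placeholder, and the lookup is a simplified model of how profiles chain, not a copy of either tool's actual resolution logic.

```python
import configparser

# Constructed sample files in the working layout from this thread.
# All ARNs and keys are placeholders.
CONFIG_TEXT = """
[profile foo-base]
region             = eu-central-1
duration_seconds   = 43200
credential_process = granted credential-process --profile=foo-base

[profile foo-prod]
role_arn       = arn:aws:iam::111122223333:role/PLACEHOLDER
source_profile = foo-base
mfa_serial     = arn:aws:iam::111122223333:mfa/PLACEHOLDER
"""

# The layout from the first post: the role profile sits in the credentials
# file while its source profile exists only in the config file.
CONFIG_BASE_ONLY = """
[profile foo-base]
region             = eu-central-1
credential_process = granted credential-process --profile=foo-base
"""

CREDENTIALS_WITH_ROLE = """
[foo-prod]
role_arn       = arn:aws:iam::111122223333:role/PLACEHOLDER
source_profile = foo-base
mfa_serial     = arn:aws:iam::111122223333:mfa/PLACEHOLDER
"""


class ProfileResolutionError(Exception):
    """Raised when a source_profile chain cannot be followed to a credential source."""


def load_profiles(config_text, credentials_text=""):
    """Parse config and credentials text into one {name: settings} map.

    The config file names sections "[profile NAME]" (except "[default]"),
    the credentials file names them "[NAME]"; both are normalised to NAME.
    Keys from the credentials file override the same keys from the config file.
    """
    profiles = {}
    for text, prefixed in ((config_text, True), (credentials_text, False)):
        parser = configparser.ConfigParser(interpolation=None)
        parser.read_string(text)
        for section in parser.sections():
            name = section
            if prefixed and section.startswith("profile "):
                name = section[len("profile "):]
            profiles.setdefault(name, {}).update(dict(parser.items(section)))
    return profiles


def resolve_chain(profiles, name, max_depth=10):
    """Follow source_profile links from NAME and return the profiles visited.

    The last entry is the profile that must supply credentials itself. A missing
    profile is reported with the wording used in the error from the thread;
    cycles and over-long chains are rejected rather than looped on.
    """
    chain = []
    current = name
    while True:
        if current in chain:
            raise ProfileResolutionError(
                "source_profile cycle detected: " + " -> ".join(chain + [current]))
        if len(chain) >= max_depth:
            raise ProfileResolutionError("source_profile chain longer than %d" % max_depth)
        settings = profiles.get(current)
        if settings is None:
            raise ProfileResolutionError("failed to get shared config profile, " + current)
        chain.append(current)
        source = settings.get("source_profile")
        if source is None:
            return chain
        current = source


def credential_source(profiles, name):
    """Describe how the leaf of NAME's chain obtains credentials.

    Static keys are checked before credential_process; this order is an
    assumption of the example, not a statement about any specific SDK.
    """
    leaf = profiles[resolve_chain(profiles, name)[-1]]
    if "aws_access_key_id" in leaf and "aws_secret_access_key" in leaf:
        return "static_keys"
    if "credential_process" in leaf:
        return "credential_process"
    raise ProfileResolutionError("chain for %s ends at a profile with no credentials" % name)


def requires_mfa(profiles, name):
    """True when any profile in NAME's chain declares an mfa_serial."""
    return any("mfa_serial" in profiles[p] for p in resolve_chain(profiles, name))
```

Loading both files together resolves foo-prod to foo-base, whereas resolving against only the credentials file fails at foo-base with the message from the first post, which is the situation the layout change above avoids.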

smelchior commented 11 months ago

Thanks @clark42, that does indeed fix the "failed to get shared config profile" error message I was getting before.

So now I can use assume to switch to my other profile with the credentials saved in the keystore. Unfortunately, in that config the caching from https://github.com/common-fate/granted/issues/371 does not work, but I will open a separate issue for this.