Open muraleee opened 5 months ago
I do have the same issue.
I can run aws
commands with --profile
but granted/assume keep saying :
Unable to locate credentials. You can configure credentials by running "aws configure".
I did not found anything related to that on the docs troubleshooting page.
Same thing when running granted sso generate
for a fresh .aws/config
Same here, I can assume but aws sts getcalleridentity fails with "The SSO session associated with this profile has expired or is otherwise invalid. To refresh this SSO session run aws sso login with the corresponding profile." Looks a bit like a problem with a sub shell. But I am new to granted and didn't dig deeper. I might be completely wrong.
@muraleee @totogtr Can you please try running alias | grep assume
and see if your shell alias is set up correctly (If you get an output like: assume='source assume'
or assume='. assume'
)? If not you can manually configure your alias
@Conrix Can you please try clearing your ~/.aws/sso/cache
?
@shwethaumashanker I cleaned the cache but the problem persists: Error loading SSO Token: Token for https://XXXXXXXXXXXXX/start does not exist
btw: alias | grep assume outputs: assume='. assume'
@Conrix Can you please run cat ~/.granted/config
and send us the output. Could you also please send an example of a profile from ~/.aws/config
that has this issue? (Feel free to remove account ID and other sensitive data)
@shwethaumashanker thanks, my alias looks like (fish shell) :
alias | grep assume
alias assume 'source /usr/local/bin/assume.fish'
Thanks, @totogtr, that does look right! What do you get when you run env | grep AWS
after assuming a role ?
After using assume
[✔] [my-account](us-west-2) session credentials will expire in 2 hours
, I get nothing in env related to AWS
@totogtr could you please try updating the alias in your fish config as follows and let us know if it fixes the issue?
alias assume 'source /usr/local/bin/assume.fish --export-all-env-vars'
Thanks, tried it but it doesn't seem to change anything.
Running assumego
and manually setting the variable with export AWS_ACCESS_KEY_ID=myresultaccesskey
etc. similarly to what is done at the end of /usr/local/bin/assume.fish does work
Hi, We had the same problem and found the fix.
The command 'alias assume' returned nothing. We created the file ~/.bash_profile and added -> alias assume="source assume"
OR
run assumego
You can find this in the documentation : https://docs.commonfate.io/granted/troubleshooting#manually-configuring-your-shell-profile
I have the same problem. Everything worked fine yesterday and today, after upgrading granted from 0.17.1 to 0.20.7 using brew it doesn't work anymore.
assume works fine and everything looks good, but running aws ssm start-session...
fails with the error:
Error loading SSO Token: Token for https://d-XXXXXXX.awsapps.com/start does not exist
The alias looks good and also AWS_* environment variables get defined (AWS_PROFILE, AWS_REGION, AWS_DEFAULT_REGION)
I can also see the credentials for the AWS_profile in .aws/credentials
When looking into ~/.aws/config I saw
credential_process = aws-sso-util credential-process --profile XXXXXXXX
So I tried to execute this command manually to see if there are any errors. The output was:
Login required. Use `aws-sso-util login --profile XXXXXXX` or `aws sso login --profile XXXXXXXX` and try again.
So I manually executed this aws-sso-util login
command, which again started the auth process with the SSO website and resulted in "Login succeeded".
After that manual step I was able to access AWS again using aws-cli and terraform.
When looking into ~/.aws/config I saw
credential_process = aws-sso-util credential-process --profile XXXXXXXX
So I tried to execute this command manually to see if there are any errors. The output was:
Login required. Use `aws-sso-util login --profile XXXXXXX` or `aws sso login --profile XXXXXXXX` and try again.
So I manually executed this
aws-sso-util login
command, which again started the auth process with the SSO website and resulted in "Login succeeded".After that manual step I was able to access AWS again using aws-cli and terraform.
This worked for me.
@muraleee @totogtr Can you please try running
alias | grep assume
and see if your shell alias is set up correctly (If you get an output like:assume='source assume'
orassume='. assume'
)? If not you can manually configure your alias
this worked for me to resolve "Unable to locate credentials." issue on linux mint 21.3
Platform : WSL2 on Windows 10 OS: Ubuntu 22.04
I am able to run "assume" and choose a role. However, aws sts get-caller-identity fails with the following error
Unable to locate credentials. You can configure credentials by running "aws configure"
I tried setting AWS_PROFILE to the selected profile in assume command however after that I get the following:
Error when retrieving token from sso: Token has expired and refresh failed