dnitsch / aws-cli-auth

AWS Developer Authentication using SAML provider linked to AWS account or SSO login without storing refresh tokens locally. Enables linked roles with multiple methods.
MIT License

Bug: aws-cli-auth InvalidClientTokenId Error and Ineffective Credential Clearing on MacOS #17

Open dibyadhar opened 6 months ago

dibyadhar commented 6 months ago

Describe the bug

When attempting to use aws-cli-auth to fetch temporary credentials for AWS login via Okta, an error occurs during the process of updating the kubeconfig for an EKS cluster and when trying to switch to a target AWS account. The error message indicates an issue with validating credentials and mentions an InvalidClientTokenId.

I use https://github.com/common-fate/granted in the CLI to manage my AWS profiles, but it seems it throws up the same error if you do native CLI calls to assume the target role.

Additional troubleshooting steps included clearing the stale credential using aws-cli-auth clear-cache. There is an inconsistency with the clear command not functioning as expected on macOS (see image).

To Reproduce

Steps to reproduce the behavior:

Execute the command to assume a profile:
aws-cli-auth saml -p "https://.okta.com/home/amazon_aws/xxxxx/xxxx" --principal "arn:aws:iam::012345678:saml-provider/PROVIDER-Okta" -r "arn:aws:iam::0123456789:role/TARGET-ROLE" -d 3600

In my case, using https://github.com/common-fate/granted: assume target-aws-profile

The error is displayed in the terminal.

image

Expected behavior

The expected behavior is the successful assumption of the specified AWS profile without encountering credential validation errors.

Screenshots

Screenshot 2024-02-29 at 13 20 55

Desktop (please complete the following information):

Additional context

aws-cli-auth versions tried out:

aws-cli-auth version v0.13.5-81b8ef042464a06c8733f2ec74fb0224c2c4dd41
aws-cli-auth version v0.14.0-ac79bd26aa5d29c83895a6552514e45870536b1c

dnitsch commented 6 months ago

Thanks for the issue @dibyadhar - I'll take a look. It does sound like the clear-cache command needs to do a bit more work in the OS secret store.