Closed stephaniewang526 closed 2 months ago
This setup seems to work for me:
```
[default]
sso_session = my-sso
sso_account_id = 123456789123
sso_role_name = SomeRole
region = us-east-1
output = json

[sso-session my-sso]
sso_region = us-east-1
sso_start_url = https://my-sso-portal.awsapps.com/start
sso_registration_scopes = sso:account:access
```
Not sure if something was changed since this issue was opened.
Doesn't work here but I have a different setup with:
```
[default]
region = us-east-1
output = json
role_arn = arn:aws:iam:ACCOUNTID:role/ROLE_NAME
source_profile = my-profile

[profile my-profile]
sso_region = us-east-1
sso_session = my-sso
sso_account_id = 123456789123
sso_role_name = SomeRole

[sso-session my-sso]
sso_region = us-east-1
sso_start_url = https://my-sso-portal.awsapps.com/start
sso_registration_scopes = sso:account:access
```
Also not working for me with same config as @rairaman
I'm on `v0.9.2 3c695d7ba9`, linux ubuntu 22.04. I tried both zsh and bash, and even python with `duckdb.sql()`. Tried to specify the profile as well with `call load_aws_credentials('my-profile');`
Nothing works.
A colleague of mine has it work on his mac, his aws profile looks the same :shrug:
After building myself, it works:
```
./build/release/duckdb
v0.9.3-dev1243 6af3519ec1
D call load_aws_credentials();
```
Gives me a nice table full of credentials, while
```
duckdb
v0.9.2 3c695d7ba9
D call load_aws_credentials();
```
Gives me an empty table.
For me at least, if you have just done an `aws sso login` then it works. If some time has gone by then it doesn't.
"Ah, well your session must have expired!" I hear you say. But no; `aws s3 ls` works just fine. So something else going on here.
Let's move any discussion here to the aws repo and close this one. Check out the reply here: https://github.com/duckdb/duckdb_aws/issues/14#issuecomment-2004010988 for a working workflow with secrets.
`aws sso login` is a common path for users to log into their AWS console. The extension does not currently extract tokens from `~/.aws/sso/cache`, where the authentication token is cached to disk through this path. Users need to manually run `aws configure` to set up their `~/.aws/credentials` instead for the extension to work. It would be great if the common path of `aws sso login` could be supported as well.
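
To check the "session expired or not" question raised above, the following added example (not part of the issue thread and not DuckDB or AWS code) resolves which profile actually carries the SSO settings, following `source_profile` as in the second config, and classifies the matching entry under `~/.aws/sso/cache`. The function names are hypothetical, the sample config is constructed, and the cache file naming (SHA-1 of the `sso-session` name, or of the start URL for legacy profiles) is assumed from botocore's behaviour.

```python
import configparser, hashlib, json, pathlib
from datetime import datetime, timezone

# Constructed sample, modeled on the source_profile config quoted in the thread.
SAMPLE_CONFIG = """\
[default]
role_arn = arn:aws:iam::123456789123:role/ROLE_NAME
source_profile = my-profile
[profile my-profile]
sso_session = my-sso
sso_account_id = 123456789123
sso_role_name = SomeRole
[sso-session my-sso]
sso_region = us-east-1
sso_start_url = https://my-sso-portal.awsapps.com/start
"""

def resolve_sso(config_text, profile="default"):
    """Follow source_profile links to the profile that carries SSO settings."""
    cfg = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cfg.read_string(config_text)
    seen = set()
    while profile and profile not in seen:
        seen.add(profile)
        section = "default" if profile == "default" else f"profile {profile}"
        if not cfg.has_section(section):
            return None
        opts = cfg[section]
        # Assumption: sso-session configs key the cache on the session name,
        # legacy configs on the start URL (botocore behaviour).
        key = opts.get("sso_session") or opts.get("sso_start_url")
        if key:
            digest = hashlib.sha1(key.encode("utf-8")).hexdigest()
            return {"profile": profile, "cache_file": digest + ".json"}
        profile = opts.get("source_profile")
    return None  # no SSO settings reachable, or a source_profile cycle

def token_status(entry, now):
    """Classify a parsed cache entry without ever returning the token itself."""
    raw = entry.get("expiresAt")
    if not raw or "accessToken" not in entry:
        return "missing"
    expires = datetime.fromisoformat(raw.replace("UTC", "Z").replace("Z", "+00:00"))
    return "valid" if expires > now else "expired"

if __name__ == "__main__":
    home = pathlib.Path.home() / ".aws"
    found = resolve_sso((home / "config").read_text())
    path = home / "sso" / "cache" / found["cache_file"] if found else None
    entry = json.loads(path.read_text()) if path and path.exists() else {}
    print(found, token_status(entry, datetime.now(timezone.utc)))
```

The script prints only the resolved profile, the cache file name and the status; the cached access token is a bearer credential and is never echoed.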