Closed SLoulergue closed 1 year ago
Hello,
We have tested okta-aws-cli with an AWS China account. AWS Federation is working in a browser, but with okta-aws-cli we have an error.
okta-aws-cli doesn't use regional STS, and it seems not to work with the global STS for an AWS China account.
API debug logs:
-----------------------------------------------------
IdP: arn:aws-cn:iam::012345678910:saml-provider/OKTA
Role: arn:aws-cn:iam::012345678910:role/ROLENAME
2023/09/16 16:03:11 [DEBUG] API Request Details:
---[ REQUEST ]---------------------------------------
POST / HTTP/1.1
Host: sts.amazonaws.com
Content-Length: 11386
Content-Type: application/x-www-form-urlencoded; charset=utf-8
User-Agent: aws-sdk-go/1.44.94 (go1.19.12; windows; amd64)
x x x x
---[ RESPONSE ]--------------------------------------
HTTP/1.1 400 Bad Request
Connection: close
Content-Length: 449
Content-Type: text/xml
Date: Sat, 16 Sep 2023 14:03:12 GMT
X-Amzn-Requestid: 2da96917-6183-43f0-ad0e-e0f89d703002

<ErrorResponse xmlns="https://sts.amazonaws.com/doc/2011-06-15/">
  <Error>
    <Type>Sender</Type>
    <Code>InvalidIdentityToken</Code>
    <Message>Specified provider doesn't exist (Service: AWSOpenIdDiscoveryService; Status Code: 400; Error Code: AuthSamlManifestNotFoundException; Request ID: 14469be3-6ac8-494f-825b-28a98d9588a8; Proxy: null)</Message>
  </Error>
  <RequestId>2da96917-6183-43f0-ad0e-e0f89d703002</RequestId>
</ErrorResponse>
-----------------------------------------------------
Is okta-aws-cli working for someone with an AWS China account? If AWS China is not working, I think usage of regional STS can solve this issue.
Thank you in advance.
Hello
I have solved my issue with
export AWS_REGION='cn-north-1'
AWS_DEFAULT_REGION doesn't work. Is only AWS_REGION used by okta-aws-cli?
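The partition mismatch in this thread, as an added example that is not part of the original posts and is not okta-aws-cli code: the log shows an `arn:aws-cn` role sent to `sts.amazonaws.com`, which only serves the `aws` partition. The helper name `STSEndpointFor` is hypothetical, and the example goes slightly beyond the thread by also covering `aws-us-gov`; it checks the role ARN's partition against the configured region before any STS call is made.

```go
package main

import (
	"fmt"
	"strings"
)

// stsSuffix maps an ARN partition to the DNS suffix of its STS endpoints.
var stsSuffix = map[string]string{
	"aws":        "amazonaws.com",
	"aws-cn":     "amazonaws.com.cn",
	"aws-us-gov": "amazonaws.com",
}

// partitionOfRegion infers the partition from the region name prefix.
func partitionOfRegion(region string) string {
	switch {
	case strings.HasPrefix(region, "cn-"):
		return "aws-cn"
	case strings.HasPrefix(region, "us-gov-"):
		return "aws-us-gov"
	}
	return "aws"
}

// STSEndpointFor (hypothetical helper, not okta-aws-cli code) picks the STS host for roleARN.
func STSEndpointFor(roleARN, region string) (string, error) {
	f := strings.SplitN(roleARN, ":", 6)
	if len(f) != 6 || f[0] != "arn" || f[2] != "iam" {
		return "", fmt.Errorf("not an IAM ARN: %q", roleARN)
	}
	suffix, ok := stsSuffix[f[1]]
	if !ok {
		return "", fmt.Errorf("unknown partition %q", f[1])
	}
	if region == "" {
		if f[1] == "aws" {
			return "sts.amazonaws.com", nil // global endpoint, aws partition only
		}
		return "", fmt.Errorf("partition %q has no global STS endpoint; set a region", f[1])
	}
	if p := partitionOfRegion(region); p != f[1] {
		return "", fmt.Errorf("region %q is in partition %q, role is in %q", region, p, f[1])
	}
	return "sts." + region + "." + suffix, nil
}

func main() {
	fmt.Println(STSEndpointFor("arn:aws-cn:iam::012345678910:role/ROLENAME", "cn-north-1"))
}
```

Failing early on an empty or out-of-partition region turns the opaque `InvalidIdentityToken` response into a configuration error that names the cause.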