Pulumi CLI support for AWS sso-session

[OdmBkv]

Pulumi cli when using AWS Native packages looks for the sso_region, sso_start_url in the aws config and unable to find them under the [sso_session xxx] portion.

This appears to mirror the issue raised in issue 2271 support sso-session

Please provide an update on fix or method to resolve without changing the sso_session as in workaround below. tried without success things like

• pulumi config set aws-native:profile <my_profile_with_sso_session> work around (not ideal) but WORKS
• reconfigure your config for aws profiles moving all the sso_stuff under [profile] and remove the [sso_session xxxx] part.

SSO Error from pulumi preview with correct aws config

Reconfigured aws config

[EvanBoyle]

Transferring this to github.com/pulumi/pulumi-aws-native

[kpitzen]

Hi @OdmBkv - thank you for raising this for us. I'm glad you were able to find a workaround, but I agree there's room for improvement with the SSO experience here. We'll get this slated for work as soon as we can. Thanks again!

[OdmBkv]

Just checking status and confirmed as of pulumi version = v3.69.0, aws-cli --version = 2.11.25 Python that Pulumi up|preview still returns "missing required configuration: sso_region, sso_start_url" with AWS SSO configured with aws configure sso actually working.

[OdmBkv]

@kpitzen I just updated the packages in one of my repo stacks for pulumi, pulumi-aws, and pulumi-aws-native to test the aws sso part.

After the update of pulumi-aws-native from 0.57.0 to 0.68.0 pulumi preview on the stack worked. My total changes aws-cli --version = 2.13 python 3.9.16 packages:

• pulumi 3.62.0 -> 3.74.0
  • test pulumi preview after no change on error
• pulumi-aws 5.35.0 -> 5.41.0 no change
  • test pulumi preview after no change on error
• pulumi-aws-native 0.57.0 -> 0.68.0
  • test pulumi preview after worked

So now my aws-cli can leverage all the profiles for my SSO login and pulumi, as I configured, uses the default correctly.

[OdmBkv]

Actually still have a problem with some resources that had been created that I had to change aws config back to the sso grouped in the profile config structure. So still some issues out there but the other resources (non-native) were destroyed

 Type                           Name                                    Status                  Info
 pulumi:pulumi:Stack            well_comm_infra-dev                     **failed**              1 error

• ├─ aws-native:lambda:Function ds-wc-trend-well-production-lambda-dev deleting failed 1 error
• ├─ aws-native:lambda:Function ds-wc-welllist-lambda-dev deleting failed 1 error
• └─ aws-native:lambda:Function ds-wc-wellpairs-lambda-dev deleting failed 1 error

Diagnostics: aws-native:lambda:Function (ds-wc-trend-well-production-lambda-dev): error: could not load AWS config: profile "aws-bkv-development" is configured to use SSO but is missing required configuration: sso_region, sso_start_url

[JonCholas]

any plans to have this soon? it seems it he last step to have all of it working:

• pulumi cli now supports it
• aws-classic now supports it
• pulumi credentials provider now supports it
• pulumi credentials with eks encryption now supports it

now is turn to aws-native to finally support it. I'm in the last version and still getting the error

Successfully installed pulumi-aws-native-0.96.0

Diagnostics:
  aws-native:chatbot:SlackChannelConfiguration (slack-chatbot):
    error: could not load AWS config: profile "<edited>" is configured to use SSO but is missing required configuration: sso_region, sso_start_url