Closed sherif-fanous closed 1 year ago
I ended up creating a script at ~/.local/bin/awscreds
containing the correct gsts command including the AWS_PROFILE
env variable (and --cache-dir ~/.aws
), then I use that script in ~/.aws/config
in the credentials_process
of the main account we use to authenticate, so now credentials are saved with the correct profile, and I can just type whatever aws cli or kubectl command I need.
Thanks for the detailed report @sherif-fanous! Should be fixed on v5.0.1. Could you give it a try please?
I upgraded to gsts v5.0.0 yesterday and have run into an issue where gsts ignores the command line argument
--aws-profile
.Looking at the if/else block here it seems that there is a bug where the
else
block is always executed unless--aws-profile
is not passed andAWS_PROFILE
is set.As a result, gsts attempts to use
default
for all my profiles. The first time I use gsts with a profile it creates an entry in the cache under AWS profiledefault
. If I then use gsts with a different profile, I run into the following errorCurrent workaround is to use
--no-credentials-cache
but that's not sustainable in the long term.Sample
credentials_process
command in my~/.aws/config
filegsts --aws-profile PPP --aws-region us-east-1 --aws-role-arn arn:aws:iam::XXX:role/YYY --playwright-engine-executable-path "/Applications/Google Chrome.app/Contents/MacOS/Google Chrome" --json --idp-id AAA --no-credentials-cache --sp-id BBB --username CCC
I believe the following is the required fix