tilfinltd / aws-extend-switch-roles

Extend your AWS IAM switching roles by Chrome extension, Firefox add-on, or Edge add-on
https://chromewebstore.google.com/detail/aws-extend-switch-roles/jpmkfafbacpgapdghgdpembnojdlgkdl?utm_source=github
MIT License
1.32k stars 141 forks

Where/How are logs stored/accessed? #228

Open kiddom-kq opened 2 years ago

kiddom-kq commented 2 years ago

I am trying to understand why a co-worker and I are having different experiences with the same configuration.

Here is a (slightly) redacted configuration. The actual details have been replaced with more generic tokens. I have left the last three characters of each account ID intact and the actual account/brand/department/role names have been replaced with meta tokens.

[orgRootAccount]
aws_account_id = 789ABCDEF518
region=us-east-2

[profile account01-someRoll_class]
role_arn = arn:aws:iam::789ABCDEF654:role/someBrand/someDepartment/users/someRoleClass
source_profile = orgRootAccount

[profile account02-someRoll_class]
role_arn = arn:aws:iam::789ABCDEF518:role/someBrand/someDepartment/users/someRoleClass
source_profile = orgRootAccount

[profile account03-someRoll_class]
role_arn = arn:aws:iam::789ABCDEF817:role/someBrand/someDepartment/users/someRoleClass
source_profile = orgRootAccount

With this configuration I have zero issues. I can sign into the account identified under orgRootAccount and when I click the key icon, I see the three role/account pairs that I expect.

When signed into the same root account (ending in 518), a co-worker using the exact same configuration sees nothing in the popup.

Co-worker and I both have permission to assume all three roles in all three accounts; when using the 'manual' account switch page from AWS things just work. I do have additional IAM policies/permissions that my co-worker does not, but that should not be the cause here, right? We can both manually switch roles using the 'native' AWS console functionality so the act of assuming a role is not prohibited for either of us... therefore the plugin shouldn't have an issue... right?


I tried the chrome://extensions/?id=jpmkfafbacpgapdghgdpembnojdlgkdl page looking for a way to view plugin logs or similar. Nothing shows up for me in the Chrome debug tools when I'm sitting on any AWS console page where the role-switch popup would show the appropriate values.

I'll re-iterate what I said here:

> While a fix would be appreciated, emitting literally any user facing message about the error would be helpful

If the popup that would normally display the role/account tuples to sign into has nothing to display... perhaps display some text there to indicate why. You already do this in some scenarios:

- Failed to fetch user info from the AWS Management Console page
- You'll see the role list here when the current tab is AWS Management Console page.

Advice on what could be the problem would be helpful... but an actual error log line will probably be much more useful... if anybody can tell me how to get those from chrome plugins, that'd be helpful. I am seeing some docs that indicate the 'uncompressed' version of a plugin should be de-buggable? https://developer.chrome.com/docs/extensions/mv3/tut_debugging/

To do that approach, would I just disable the extension on the chrome://extensions/ page, turn on debug mode and then load up the zip file from the releases page?

tilfin commented 2 years ago

Please right-click the extension icon to open the context menu, and then click on Inspect popup at the bottom. Then the dev tools will be displayed and any errors will appear in the console section.

kiddom-kq commented 2 years ago

> Please right-click the extension icon to open the context menu, and then click on Inspect popup at the bottom.

Ha! Of course... the one place I DIDN'T try to launch the Chrome debug tools from. Thank you. I'll give that a shot.

If there is nothing displayed in the console, is there a common cause for this behavior? Gut/hunch is that it's a difference in IAM policy but none of the affected parties have any trouble doing a manual role switch. :/

tilfin commented 2 years ago

The configuration for the text to be displayed and the data to be loaded internally are separate, so the internal data may actually be corrupted.

So can you try the following?