search

trek10inc / awsume

A utility for easily assuming AWS IAM roles from the command line.
https://awsu.me
MIT License
488 stars 90 forks source link

Awsume hangs forever pulling credentials with wrong default profile (since 4.4.0) #103

Closed jenshoffmann1331 closed 4 years ago

jenshoffmann1331 commented 4 years ago

Until now my ./aws/config contained a defaultl profile

[default]
...
source_profile = default

[profile more]

I assumed that I can use source_profile to refer to a profile set in ./aws/credentials which also contains a [default] section. With this setup awsume just hangs forever. Without setting source_profile in my default section, awsume works as aspected.

This behaviour is since 4.4.0.

mbarneyjr commented 4 years ago

It appears there may be a misunderstanding of how source_profile should be used. According to the docs: https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-files.html

source_profile

Specifies a named profile with long-term credentials that the AWS CLI can use to assume a role that you specified with the role_arn parameter. You cannot specify both source_profile and credential_source in the same profile.

source_profile isn't to configure what profile in the ~/.aws/credentials file a profile in the ~/.aws/config file uses, just what profile to use before assuming a role. The aws cli and most sdks will look for a profile of the same name, si you just need to make sure the profile names are the same

In the ~/.aws/credentials file, your profile should look like this:

[PROFILE_NAME]

In the ~/.aws/config file it should look like this:

[profile PROFILE_NAME]

The only exception to this rule is the default profile, it can stand without the profile prefix in the ~/.aws/config file and still function