Closed BrianMusson closed 3 years ago
The brew method of installation is not the officially supported method of installing awsume. We recommend the use of pipx to install awsume
I'm not sure if that is the cause of the problem you're experiencing, so if trying to install with pipx doesn't resolve the issue, can you provide me more detail on how your config and credentials files are configured (redacting any secrets or account IDs of course)
still having this issue after installing using pipx
(after doing brew uninstall awsume
)
config:
[default]
region = eu-west-1
output = json
[profile dev]
region = eu-west-1
source_profile = my-sandbox-XXXXXXXXXXXX-userATdomain.com
role_arn = arn:aws:sts::XXXXXXXXXXXX:role/admin
credentials:
[my-sandbox-XXXXXXXXXXXX-userATdomain.com]
aws_access_key_id = XXXXXXXXXXXX
aws_secret_access_key = XXXXXXXXXXXXXXXXXXXXXXXX
region=us-east-1
output=json
❯ awsume --version
4.4.1
❯ sw_vers
ProductName: Mac OS X
ProductVersion: 10.15.4
BuildVersion: 19E287
❯ awsume dev
[cinfradevprd] Role credentials will expire 2020-08-21 22:51:16
❯ awsume dev -a
[cinfradevprd] Role credentials will expire 2020-08-21 22:51:20
Traceback (most recent call last):
File "/Users/amirtal/Library/Python/3.7/bin/awsumepy", line 8, in <module>
sys.exit(main())
File "/Users/amirtal/Library/Python/3.7/lib/python/site-packages/awsume/awsumepy/main.py", line 29, in main
run_awsume(sys.argv[1:])
File "/Users/amirtal/Library/Python/3.7/lib/python/site-packages/awsume/awsumepy/main.py", line 17, in run_awsume
awsume.run(argument_list)
File "/Users/amirtal/Library/Python/3.7/lib/python/site-packages/awsume/awsumepy/app.py", line 263, in run
credentials = self.get_credentials(args, profiles)
File "/Users/amirtal/Library/Python/3.7/lib/python/site-packages/awsume/awsumepy/app.py", line 205, in get_credentials
create_autoawsume_profile(self.config, args, profiles, credentials)
File "/Users/amirtal/Library/Python/3.7/lib/python/site-packages/awsume/awsumepy/lib/autoawsume.py", line 19, in create_autoawsume_profile
profile['source_expiration'] = role_session.get('SourceExpiration').strftime('%Y-%m-%d %H:%M:%S')
AttributeError: 'NoneType' object has no attribute 'strftime'
This problem stemmed from the fact that the source profile (the my-sandbox
profile) didn't have an expiration and didn't require MFA. This should be fixed in 4.5.0a4. Let us know if you have any other issues!
4.5.0 has been released
I think I've bumped into the same issue.
awsume myprofile -a
outputs:
Traceback (most recent call last):
File "/Users/awinecki/.local/bin/awsumepy", line 8, in <module>
sys.exit(main())
File "/Users/awinecki/.local/pipx/venvs/awsume/lib/python3.9/site-packages/awsume/awsumepy/main.py", line 29, in main
run_awsume(sys.argv[1:])
File "/Users/awinecki/.local/pipx/venvs/awsume/lib/python3.9/site-packages/awsume/awsumepy/main.py", line 17, in run_awsume
awsume.run(argument_list)
File "/Users/awinecki/.local/pipx/venvs/awsume/lib/python3.9/site-packages/awsume/awsumepy/app.py", line 263, in run
credentials = self.get_credentials(args, profiles)
File "/Users/awinecki/.local/pipx/venvs/awsume/lib/python3.9/site-packages/awsume/awsumepy/app.py", line 205, in get_credentials
create_autoawsume_profile(self.config, args, profiles, credentials)
File "/Users/awinecki/.local/pipx/venvs/awsume/lib/python3.9/site-packages/awsume/awsumepy/lib/autoawsume.py", line 18, in create_autoawsume_profile
profile['expiration'] = role_session.get('Expiration').strftime('%Y-%m-%d %H:%M:%S')
AttributeError: 'NoneType' object has no attribute 'strftime'
awsume -v
> 4.5.0
Python 3.9.2.
fish, version 3.1.2
installed awsume
using pipx install awsume
, using pipx, version 0.16.1.0
My ~/.aws/credentials
:
[myprofile]
aws_access_key_id=***
aws_secret_access_key=***
aws_session_token=IQ***********Qo
I've noticed @amirtal-cp had this bit in the error output: role_session.get('SourceExpiration')
, whereas I have role_session.get('Expiration')
. Not sure what this means, though.
My context: I have a multi-AWS setup managed by ControlTower, with SSO sign on. When I log into the start SSO log in screen, I can grab credentials for my user for a specific permission set. However, these credentials are short lived. In my case, configured to 1 hour. I know it can be increased to 4 or 12 hours.
What I'd like to achieve is to just have the account configured somewhat more permanently, not having to get these credentials every couple hours or every day. I thought this could be achieved with autoawsume
.
Installed through brew: