Closed tero closed 3 years ago
Hi, thanks for the bug report! I've implemented a fix and it should be found in pre release 4.5.0a1. I'll deploy this to release 4.5.0 once I'm confident in the changes. If you experience any issues with pre release 4.5.0a1 please update this issue, thanks!
Great, thanks! I'll just upgraded to pre-release and will update if there will be any issues with it.
I think this broke MFA support? Pre-release version doesn't ask for MFA token but shows and error: Awsume error: An error occurred (AccessDenied) when calling the AssumeRole operation: User: arn:aws:iam::[account]:user/[user] is not authorized to perform: sts:AssumeRole on resource: arn:aws:iam::[another-account]:role/AdminAccessFromLoginRole
Hmm, could you share your profile configuration (redacting any secrets or account IDs)?
With a profile setup like this I'm being prompted for MFA:
#~/.aws/credentials
[test]
aws_access_key_id = ...
aws_secret_access_key = ...
#~/.aws/config
[profile test]
mfa_serial = ...
[profile test-role]
role_arn = ...
source_profile = test
$ awsume test-role
Enter MFA token:
Could it be that I have org-login
only in credentials file?
#~/.aws/credentials
[org-login]
aws_access_key_id = ...
aws_secret_access_key = ...
#~/.aws/config
[profile org-dev]
region=eu-central-1
role_arn=...
source_profile=org-login
mfa_serial=...
Okay cool, I think I'm able to replicate the issue, I'll update this issue when a fix is pushed
This should be resolved in pre release 4.5.0a3, please let us know if you experience any issues, thanks!
4.5.0 has been released
I tried to use aws-cli when the session token was expired and got
The config profile could not be found
error. Ok, I restart awesume, I thought. But running awsume now fails with same error. Only way to fix this was to switch new terminal window.