trek10inc / awsume

A utility for easily assuming AWS IAM roles from the command line.
https://awsu.me
MIT License

Why does awsume make me run the SSO login command manually? #192

Closed metov closed 10 months ago

metov commented 1 year ago

When I run `awsume my_role` I sometimes get the message:

Awsume error: credential_process error: Login required. Use `aws-sso-util login --profile my_role` or `aws sso login --profile my_role` and try again.

But in my `.aws/config` I already have:

```
[profile my_role]
credential_process = aws-sso-util credential-process --profile my_role
sso_start_url = ...
sso_region = ...
sso_account_id = ...
sso_role_name = ...
region = ...
```

And when I copy and paste the SSO login command from awsume's message, `awsume my-role` then works. So if awsume knows the command, why doesn't it just run it instead of asking me to? Is this expected behavior, or is something messed up in my config?

I also get a warning about the awsume shell script not being sourced. I'm okay with that and I don't think it would cause the above issue, but I can try to fix that.

mtskillman commented 10 months ago

@metov yes currently you have to run the sso login command manually--this is expected behavior

metov commented 10 months ago

@mtskillman But why?

mtskillman commented 10 months ago

@metov support for native awsume integration with SSO would be covered by issue #101

the current state of support for SSO is described as such by @mbarneyjr :

AWS SSO profiles are indirectly supported through the recent support for the credential_process property on profiles. If you utilize this tool, awsume will be able to pull the credentials from that credential_process.
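
The `credential_process` contract referred to in the last comment, as an added example that is not part of the thread or of awsume's code: the helper either prints a JSON document (`Version` 1 with the key fields) on stdout, or exits non-zero with its explanation on stderr, which is the text a caller can relay. The function names and the two stub helpers are constructed for illustration; the stubs stand in for a real helper such as `aws-sso-util` and produce no real credentials.

```python
import configparser
import json
import shlex
import subprocess
import sys
from datetime import datetime, timezone

# Constructed sample config, modelled on the profile in the question.
SAMPLE_CONFIG = ("[profile my_role]\n"
                 "credential_process = aws-sso-util credential-process --profile my_role\n")
# Constructed stand-ins for a real helper (not real aws-sso-util output).
OK_STUB = [sys.executable, "-c", "import json; print(json.dumps({'Version': 1, "
           "'AccessKeyId': 'AKIAEXAMPLE', 'SecretAccessKey': 'example', "
           "'SessionToken': 'example', 'Expiration': '2999-01-01T00:00:00Z'}))"]
FAIL_STUB = [sys.executable, "-c",
             "import sys; sys.stderr.write('Login required.'); sys.exit(1)"]

def credential_process_argv(config_text, profile):
    """Return the credential_process command of a profile as an argv list."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(config_text)
    section = "default" if profile == "default" else f"profile {profile}"
    return shlex.split(parser[section]["credential_process"])

def fetch_credentials(argv):
    """Run the helper; return (credentials, None) or (None, reason).
    A helper that cannot log in can only exit non-zero and explain on stderr."""
    proc = subprocess.run(argv, capture_output=True, text=True)
    if proc.returncode != 0:
        return None, proc.stderr.strip()
    try:
        doc = json.loads(proc.stdout)
    except ValueError:
        return None, "helper output is not JSON"
    if not isinstance(doc, dict) or doc.get("Version") != 1:
        return None, "unsupported or missing Version"
    if not doc.get("AccessKeyId") or not doc.get("SecretAccessKey"):
        return None, "missing AccessKeyId or SecretAccessKey"
    try:
        exp = doc.get("Expiration")  # ISO 8601 with a timezone, when present
        if exp and datetime.fromisoformat(exp.replace("Z", "+00:00")) <= datetime.now(timezone.utc):
            return None, "credentials already expired"
    except (ValueError, TypeError, AttributeError):
        return None, "unparseable Expiration"
    return doc, None

if __name__ == "__main__":
    for stub in (OK_STUB, FAIL_STUB):
        creds, reason = fetch_credentials(stub)
        # Report only the outcome; never print the secret values themselves.
        print("ok, expires " + creds["Expiration"] if creds else "failed: " + reason)
```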