trek10inc / awsume

A utility for easily assuming AWS IAM roles from the command line.
https://awsu.me
MIT License

Cannot call GetSessionToken with session credentials #27

Closed csigritz closed 6 years ago

csigritz commented 6 years ago

I am using awsume with multiple profiles. Some of them need MFA, some not. Also I am using awsume within virtualenv.

awsume Version:

pip show awsume
Name: awsume
Version: 2.1.5
Summary: Utility for easily assuming AWS IAM roles from the command line, now in Python!
Home-page: https://github.com/trek10inc/awsume
Author: Trek10, Inc
Author-email: package-management@trek10.com
License: MIT
Location: /Users/saruman/virtualenv/aws/lib/python3.6/site-packages
Requires: future, yapsy, python-dateutil, psutil, boto3

I am getting errors when trying to assume a role which does not need MFA. For Roles using MFA no problem occurs.

This is what I get when using a non-MFA profile:

awsume no-mfa-profile
Traceback (most recent call last):
  File "/Users/saruman/virtualenv/aws/bin/awsumepy", line 11, in <module>
    sys.exit(main())
  File "/Users/saruman/virtualenv/aws/lib/python3.6/site-packages/awsume/awsumepy.py", line 1127, in main
    awsumeApp.run()
  File "/Users/saruman/virtualenv/aws/lib/python3.6/site-packages/awsume/awsumepy.py", line 1093, in run
    awsumeUserSession = func(configProfile, credentialsProfile, awsumeUserSession, AWS_CACHE_DIRECTORY, commandLineArguments, out_data)
  File "/Users/saruman/virtualenv/aws/lib/python3.6/site-packages/awsume/awsumepy.py", line 340, in get_user_credentials
    awsUserSession = get_session_token_credentials(userClient, configSection)
  File "/Users/saruman/virtualenv/aws/lib/python3.6/site-packages/awsume/awsumepy.py", line 523, in get_session_token_credentials
    return getSessionTokenClient.get_session_token()
  File "/Users/saruman/virtualenv/aws/lib/python3.6/site-packages/botocore/client.py", line 314, in _api_call
    return self._make_api_call(operation_name, kwargs)
  File "/Users/saruman/virtualenv/aws/lib/python3.6/site-packages/botocore/client.py", line 612, in _make_api_call
    raise error_class(parsed_response, operation_name)
botocore.exceptions.ClientError: An error occurred (AccessDenied) when calling the GetSessionToken operation: Cannot call GetSessionToken with session credentials

Before running the awsume command no AWS Environments (Credentials, Tokens) have been set.

(aws) saruman@Saruman:~ $ printenv | grep AWS
(aws) saruman@Saruman:~ $ 

This is my config:

~/.aws/credentials

[john]
aws_access_key_id = XXX
aws_secret_access_key = XXXXX

[bill]
aws_access_key_id = XXX
aws_secret_access_key = XXXXX

~/.aws/config

[profile no-mfa-profile]
output = json
region = eu-central-1
role_arn = arn:aws:iam::XXX:role/RoleName
source_profile = john

[profile mfa-profile]
output = json
region = eu-central-1
role_arn = arn:aws:iam::XXX:role/RoleName
mfa_serial = arn:aws:iam::XXX:mfa/UserName
source_profile = bill

The MFA ones work all the time. The ones without MFA fail. Using the profiles with AWS-CLI works as expected:

aws s3 ls --profile no-mfa-profile

Somebody any idea what I'm doing wrong? Thanks.

csigritz commented 6 years ago

Seems that a "default" entry in ~/.aws/credentials is needed. Changed one of the entries to default and changed the source_profile accordingly. Now assuming the role works as expected... Sorry for opening an issue caused by some configuration errors.
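The error in the traceback is STS itself refusing the call: GetSessionToken only accepts long-term IAM user access keys, so whatever source credentials the tool resolved for no-mfa-profile were temporary ones (an aws_session_token present, or an access key id with the ASIA prefix that STS issues for temporary credentials, as opposed to AKIA for IAM user keys). A pre-flight check that classifies the resolved source credentials before any STS call turns the opaque AccessDenied into a pointed message. The following is an added example, not awsume's own code; it parses credentials and config text in the same shape as the files in the report (sample content constructed here, account ids and keys are placeholders) and assumes that a role profile with no source_profile falls back to the [default] credentials entry. Whether awsume 2.1.5 resolved the source profile exactly this way is not stated in the thread.

```python
import configparser

# AWS access key id prefixes (documented in the IAM "unique identifiers" reference):
# AKIA = long-term IAM user key, ASIA = temporary credentials issued by STS.
LONG_TERM_PREFIX = "AKIA"
TEMPORARY_PREFIX = "ASIA"

# Constructed sample files mirroring the layout of ~/.aws/credentials and
# ~/.aws/config from the report. All values are placeholders.
CREDENTIALS_TEXT = """
[john]
aws_access_key_id = AKIAEXAMPLEEXAMPLE01
aws_secret_access_key = XXXXX

[bill]
aws_access_key_id = AKIAEXAMPLEEXAMPLE02
aws_secret_access_key = XXXXX

[default]
aws_access_key_id = ASIAEXAMPLEEXAMPLE03
aws_secret_access_key = XXXXX
aws_session_token = EXAMPLESESSIONTOKEN
"""

CONFIG_TEXT = """
[profile no-mfa-profile]
region = eu-central-1
role_arn = arn:aws:iam::111111111111:role/RoleName
source_profile = john

[profile mfa-profile]
region = eu-central-1
role_arn = arn:aws:iam::111111111111:role/RoleName
mfa_serial = arn:aws:iam::111111111111:mfa/UserName
source_profile = bill

[profile broken-profile]
region = eu-central-1
role_arn = arn:aws:iam::111111111111:role/RoleName
"""


def load_ini(text):
    # interpolation=None so a '%' inside a session token is not treated as a format string
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(text)
    return parser


def config_section(config, profile):
    # ~/.aws/config names non-default profiles "[profile NAME]"; "[default]" is bare.
    for name in (f"profile {profile}", profile):
        if config.has_section(name):
            return dict(config[name])
    return {}


def classify_credentials(section):
    """Return 'long-term', 'temporary' or 'missing' for a credentials section."""
    key_id = section.get("aws_access_key_id", "")
    if not key_id or not section.get("aws_secret_access_key"):
        return "missing"
    if "aws_session_token" in section or key_id.startswith(TEMPORARY_PREFIX):
        return "temporary"
    return "long-term"


def resolve_source(profile, config, credentials):
    """Return (source profile name, its credentials section) for PROFILE.
    Assumption (hypothetical, not verified against awsume): a role profile
    without source_profile falls back to the [default] credentials entry."""
    settings = config_section(config, profile)
    source = settings.get("source_profile", "default")
    creds = dict(credentials[source]) if credentials.has_section(source) else {}
    return source, creds


def preflight(profile, credentials_text, config_text):
    """Decide, without calling AWS, whether GetSessionToken can succeed for PROFILE."""
    config = load_ini(config_text)
    credentials = load_ini(credentials_text)
    source, creds = resolve_source(profile, config, credentials)
    kind = classify_credentials(creds)
    reasons = {
        "long-term": "IAM user keys: GetSessionToken is allowed",
        "temporary": "session credentials: STS rejects GetSessionToken "
                     "(Cannot call GetSessionToken with session credentials)",
        "missing": f"no usable keys found for source profile '{source}'",
    }
    return {"profile": profile, "source": source, "kind": kind,
            "can_get_session_token": kind == "long-term", "reason": reasons[kind]}


if __name__ == "__main__":
    for name in ("no-mfa-profile", "mfa-profile", "broken-profile"):
        print(preflight(name, CREDENTIALS_TEXT, CONFIG_TEXT))
```

Run as a script it reports, for each profile, which credentials entry it would use and whether that entry is long-term or temporary; broken-profile lands on the temporary [default] entry and is flagged before any network call, which is the situation the traceback describes.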