Comments (15)
shwethaumashanker
commented on June 12, 2024
2
@muraleee @totogtr Can you please try running alias | grep assume and see if your shell alias is set up correctly (If you get an output like: assume='source assume' or assume='. assume')? If not you can manually configure your alias
from granted.
totogtr
commented on June 12, 2024
1
After using assume [✔] [my-account](us-west-2) session credentials will expire in 2 hours, I get nothing in env related to AWS
from granted.
arusa
commented on June 12, 2024
1
When looking into ~/.aws/config I saw
credential_process = aws-sso-util credential-process --profile XXXXXXXX
So I tried to execute this command manually to see if there are any errors. The output was:
Login required. Use `aws-sso-util login --profile XXXXXXX` or `aws sso login --profile XXXXXXXX` and try again.
So I manually executed this aws-sso-util login command, which again started the auth process with the SSO website and resulted in "Login succeeded".
After that manual step I was able to access AWS again using aws-cli and terraform.
from granted.
totogtr
commented on June 12, 2024
I do have the same issue.
I can run aws commands with --profile but granted/assume keep saying :
Unable to locate credentials. You can configure credentials by running "aws configure".
I did not found anything related to that on the docs troubleshooting page.
Same thing when running granted sso generate for a fresh .aws/config
from granted.
Conrix
commented on June 12, 2024
Same here, I can assume but aws sts getcalleridentity fails with "The SSO session associated with this profile has expired or is otherwise invalid. To refresh this SSO session run aws sso login with the corresponding profile."
Looks a bit like a problem with a sub shell. But I am new to granted and didn't dig deeper. I might be completely wrong.
from granted.
shwethaumashanker
commented on June 12, 2024
@Conrix Can you please try clearing your ~/.aws/sso/cache ?
from granted.
Conrix
commented on June 12, 2024
@shwethaumashanker I cleaned the cache but the problem persists:
Error loading SSO Token: Token for https://XXXXXXXXXXXXX/start does not exist
btw:
alias | grep assume
outputs:
assume='. assume'
from granted.
shwethaumashanker
commented on June 12, 2024
@Conrix Can you please run cat ~/.granted/config and send us the output. Could you also please send an example of a profile from ~/.aws/config that has this issue? (Feel free to remove account ID and other sensitive data)
from granted.
totogtr
commented on June 12, 2024
@shwethaumashanker thanks, my alias looks like (fish shell) :
alias | grep assume
alias assume 'source /usr/local/bin/assume.fish'
from granted.
shwethaumashanker
commented on June 12, 2024
Thanks, @totogtr, that does look right! What do you get when you run env | grep AWS after assuming a role ?
from granted.
chrnorm
commented on June 12, 2024
@totogtr could you please try updating the alias in your fish config as follows and let us know if it fixes the issue?
alias assume 'source /usr/local/bin/assume.fish --export-all-env-vars'
from granted.
totogtr
commented on June 12, 2024
Thanks, tried it but it doesn't seem to change anything.
Running assumego and manually setting the variable with export AWS_ACCESS_KEY_ID=myresultaccesskey etc. similarly to what is done at the end of /usr/local/bin/assume.fish does work
from granted.
JeffDuss
commented on June 12, 2024
Hi,
We had the same problem and found the fix.
The command 'alias assume' returned nothing.
We created the file ~/.bash_profile and added -> alias assume="source assume"
OR
run assumego
You can find this in the documentation : https://docs.commonfate.io/granted/troubleshooting#manually-configuring-your-shell-profile
from granted.
arusa
commented on June 12, 2024
I have the same problem. Everything worked fine yesterday and today, after upgrading granted from 0.17.1 to 0.20.7 using brew it doesn't work anymore.
assume works fine and everything looks good, but running aws ssm start-session... fails with the error:
Error loading SSO Token: Token for https://d-XXXXXXX.awsapps.com/start does not exist
The alias looks good and also AWS_* environment variables get defined (AWS_PROFILE, AWS_REGION, AWS_DEFAULT_REGION)
I can also see the credentials for the AWS_profile in .aws/credentials
from granted.
p3nda
commented on June 12, 2024
When looking into ~/.aws/config I saw
credential_process = aws-sso-util credential-process --profile XXXXXXXXSo I tried to execute this command manually to see if there are any errors. The output was:
Login required. Use `aws-sso-util login --profile XXXXXXX` or `aws sso login --profile XXXXXXXX` and try again.So I manually executed this
aws-sso-util logincommand, which again started the auth process with the SSO website and resulted in "Login succeeded".After that manual step I was able to access AWS again using aws-cli and terraform.
This worked for me.
from granted.
Related Issues (20)
- Support refreshable AWS SSO sessions HOT 1
- Unclear warning with no way to quiet the error text. HOT 2
- Registry: MOTD
- Add the role that was retrieved to the error message when role assumption fails (AWS)
- Feature Request: Automatically populate [Default] with assumed profile HOT 7
- IAM Federated logins (console) should have easily attributable username in Cloudtrail list view.
- BaseProfile variable defined in config.yml for Profile Registries does not work
- Add option to clear the whole Granted cache
- [Feature request] Use a specific browser profile for authentication HOT 5
- File keychain backend should bail in credential process rather than hanging HOT 1
- Prefix-Duplicate-Profiles flag not respected
- Discrepancy in the behavior when '--save-to' and '--export' flags are used together
- No documentation on how to uninstall
- Keychain backend not working on Macs (v0.24.0) HOT 10
- For granted sso generate/populate commands add support to persist preferences in .granted/config HOT 1
- Only enable auto-refresh when all necessary fields exist in .aws/config HOT 1
- SSO populate does not work if the user has no accounts granted: max must be greater than 0
- `granted console` fails with code 400 HOT 5
- Improve docs on building from source
- It should be possible to use Granted with Firefox without installing the extension
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from granted.