SDK not finding the cached SSO token file #2241
Comments
@jwechsler10 -- Sorry for the late response - are you still having this issue?

Yes, I am.

The issue seems to be in

I just recently faced this, for me just updating aws-cli fixed the issue.

Hi,

I'm getting

The aws config is

```ini
[profile profile_name]
sso_session = profile_name
sso_account_id = <number>
sso_role_name = ReadOnly
sso_region = eu-west-1
sso_start_url = <url>

[sso-session profile_name]
sso_start_url = <url>
sso_region = eu-west-1
sso_registration_scopes = sso:account:access
```

If I remove the duplicated lines in the config file like that

I get

The test code is

```go
package main

import (
	"context"
	"fmt"
	"log"
	"os"

	"github.com/aws/aws-sdk-go-v2/aws"
	"github.com/aws/aws-sdk-go-v2/config"
	"github.com/aws/aws-sdk-go-v2/service/ecs"
	"github.com/aws/aws-sdk-go-v2/service/sts" // required by the sts calls below
)

func main() {
	// Load the shared config for the SSO profile, with retries disabled.
	opts := []func(*config.LoadOptions) error{
		config.WithRegion("eu-west-1"),
		config.WithSharedConfigProfile("profile_name"),
		config.WithRetryer(func() aws.Retryer { return aws.NopRetryer{} }),
	}
	cfg, err := config.LoadDefaultConfig(context.Background(), opts...)
	if err != nil {
		log.Fatal(err)
	}
	err = os.Setenv("AWS_SDK_LOAD_CONFIG", "1")
	if err != nil {
		log.Fatal(err)
	}
	err = os.Setenv("AWS_PROFILE", "profile_name")
	if err != nil {
		log.Fatal(err)
	}
	ctx := context.Background()

	// First call that needs credentials: resolves the cached SSO token.
	stssvc := sts.NewFromConfig(cfg)
	identity, err := stssvc.GetCallerIdentity(ctx, &sts.GetCallerIdentityInput{})
	if err != nil {
		log.Fatal(err)
	}
	fmt.Println(identity)

	// Page through all ECS clusters.
	svc := ecs.NewFromConfig(cfg)
	var tk *string
	for {
		cs, err := svc.ListClusters(ctx, &ecs.ListClustersInput{NextToken: tk})
		if err != nil {
			log.Fatal(err)
		}
		fmt.Println(cs.ClusterArns)
		tk = cs.NextToken
		if tk == nil {
			break
		}
	}
}
```

Any suggestion?

Hi @jwechsler10 and @jdeng, and others on the thread.

Unfortunately I'm not able to reproduce the issue. I'm able to start my sso session and use the SDK with that profile successfully:

```
$ aws --version
aws-cli/2.13.38 Python/3.11.6 Darwin/22.6.0 exe/x86_64 prompt/off
$ cat config
[profile my-new-sso]
sso_session = my-new-sso-session
sso_account_id = REDACTED
sso_role_name = s3FullAccess
[sso-session my-new-sso-session]
sso_region = us-east-1
sso_start_url = https://d-REDACTED.awsapps.com/start
sso_registration_scopes = sso:account:access
$ aws sso login --profile my-new-sso
Attempting to automatically open the SSO authorization page in your default browser.
If the browser does not open or you wish to use a different device to authorize this request, open the following URL:
https://device.sso.us-east-1.amazonaws.com/
Then enter the code:
REDACTED-REDACTED
Successfully logged into Start URL: https://d-REDACTED.awsapps.com/start
```

```go
package main

import (
	"context"
	"fmt"

	"github.com/aws/aws-sdk-go-v2/aws"
	"github.com/aws/aws-sdk-go-v2/config"     // github.com/aws/aws-sdk-go-v2/config v1.25.5
	"github.com/aws/aws-sdk-go-v2/service/s3" // github.com/aws/aws-sdk-go-v2/service/s3 v1.44.0
)

func main() {
	cfg, err := config.LoadDefaultConfig(context.Background(),
		config.WithSharedConfigProfile("my-new-sso"),
		config.WithRegion("us-east-1"),
		config.WithClientLogMode(aws.LogRequestWithBody|aws.LogResponseWithBody),
	)
	if err != nil {
		fmt.Println("Error loading configuration:", err)
		return
	}
	svc := s3.NewFromConfig(cfg)
	result, err := svc.ListBuckets(context.Background(), &s3.ListBucketsInput{})
	if err != nil {
		fmt.Println(err)
		return
	}
	fmt.Printf("there are %v buckets", len(result.Buckets))
}
```

The SDK is successfully pulling the SDK token. Here are the wire logs:

It would be helpful if one of you can look over my flow and see if I have something set up differently than you do.

All the best,

I've been running into this same problem. For me the fix was to remove the trailing

Updating the version of my AWS CLI and then running

This was my issue as well. It was happening with Terraform, weird that only happened when using s3 backend and not to the main provider

Had this happen to me, updated the AWS CLI (aws-cli/2.17.60 -> aws-cli/2.17.62), updating go modules to latest and running again

Describe the bug
When trying to use an AWS profile with AWS IAM Identity Center, the SDK is unable to find the cached SSO token file with the cached credentials.
Expected Behavior
I would expect that the SDK is able to use the SSO profile I have configured and find the cached credentials and use them to make a request.
Current Behavior
operation error IAM: ListGroups, failed to sign request: failed to retrieve credentials: failed to refresh cached credentials, failed to read cached SSO token file, open ~/.aws/sso/cache/9ed037b84943c4caa3a520e48a5540181c46c98c.json: no such file or directory
Reproduction Steps
Possible Solution
No response
Additional Information/Context
I have always made sure to run `aws sso login` before running my script to make sure my credentials are valid. My aws config file is set up as follows, redacting the real start URL, role names and account numbers:

I have tried the following:

- running `aws sso login`
- running `rm -rf ~/.aws/sso/cache` and then running `aws --profile sandbox sso login`

I have verified that the default profile is working as expected and that my token file is at `~/.aws/sso/cache/e3149f93119ef3ca1319b67a45b4c0563fc79ab5.json`
AWS Go SDK V2 Module Versions Used
github.com/aws/aws-sdk-go-v2/config v1.18.33
github.com/aws/aws-sdk-go-v2/service/iam v1.22.2
Compiler and Version used
go version go1.20.7 darwin/arm64
Operating System and version
MacOS 13.5
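
The cache file names in this report are hex SHA-1 digests of a key: the AWS CLI and the SDK hash the `sso-session` name when the profile sets `sso_session`, and otherwise the literal `sso_start_url` string, so the two tools only open the same file when they derive the same key. The following is an added diagnostic sketch, not code from this thread or from the SDK; it uses only the standard library, a simplified INI scan, and a constructed config whose profile names, session name `abc` and URL are placeholders.

```go
package main

import (
	"crypto/sha1"
	"fmt"
	"strings"
)

// Constructed sample config; session name and URL are placeholders.
const sampleConfig = `
[profile sandbox]
sso_session = abc
[profile legacy]
sso_start_url = https://example.awsapps.com/start/
`

// cacheFileName: lowercase hex SHA-1 of the cache key plus ".json".
func cacheFileName(key string) string {
	return fmt.Sprintf("%x.json", sha1.Sum([]byte(key)))
}

// cacheKey returns the hashed string: sso_session name if set, else sso_start_url.
func cacheKey(cfg, profile string) (key, source string) {
	inProfile, startURL := false, ""
	for _, line := range strings.Split(cfg, "\n") {
		line = strings.TrimSpace(line)
		if strings.HasPrefix(line, "[") {
			inProfile = line == "[profile "+profile+"]"
			continue
		}
		if k, v, ok := strings.Cut(line, "="); inProfile && ok {
			switch strings.TrimSpace(k) {
			case "sso_session":
				return strings.TrimSpace(v), "sso_session"
			case "sso_start_url":
				startURL = strings.TrimSpace(v)
			}
		}
	}
	return startURL, "sso_start_url"
}

func main() {
	for _, p := range []string{"sandbox", "legacy"} {
		key, src := cacheKey(sampleConfig, p)
		fmt.Printf("%s: %s=%q -> ~/.aws/sso/cache/%s\n", p, src, key, cacheFileName(key))
	}
}
```

Comparing the printed name with what `aws sso login` actually wrote under `~/.aws/sso/cache` shows whether the CLI and the SDK agree on the key; a one-character difference in the key yields an unrelated file name.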