Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Passing session token via -s argument fails #3

Open
RyanGandrud opened this issue May 7, 2020 · 9 comments
Open

Passing session token via -s argument fails #3

RyanGandrud opened this issue May 7, 2020 · 9 comments
Assignees
@aph3rson
Labels
bug Something isn't working implemented This issue or pull request has been implemented, and is waiting for RC/deployment.

Comments

@RyanGandrud
Copy link

  • AWS Consoler version: Latest
  • Python version: 3.8.2
  • Operating System: Latest Kali

Description

Attempting to pass the access key, secret key, and session token via CLI arguments failed with the following error. Attempted wrapping arguments in quotes as well. I was able to get around this by creating a profile and using the -p argument instead.

What I Did

aws_consoler -v -a A[REDACTED]V -s [REDACTED] -t IQoJb3JpZ2luX2VjEIf//////////wEaC[REDACTED]A==
2020-05-07 13:45:03,278 [aws_consoler.cli] INFO: Validating arguments...
2020-05-07 13:45:03,278 [aws_consoler.cli] INFO: Calling logic.
2020-05-07 13:45:03,284 [aws_consoler.logic] INFO: Session using credential variables established.
2020-05-07 13:45:03,578 [aws_consoler.logic] INFO: Session valid, attempting to federate as arn:aws:sts::5[REDACTED].
2020-05-07 13:45:03,578 [aws_consoler.cli] CRITICAL: expected string or bytes-like object
@aph3rson
Copy link
Contributor

aph3rson commented May 7, 2020

Can you re-run with -vv? The fact that it was able to create a session tells me the token is valid, but it's having issues with picking up the token value for some reason.

@aph3rson aph3rson mentioned this issue May 7, 2020
Open
@RyanGandrud
Copy link
Author

Ran the same command with -vv. Output is below.

2020-05-07 14:01:23,282 [aws_consoler.cli] INFO: Validating arguments...
2020-05-07 14:01:23,282 [aws_consoler.cli] INFO: Calling logic.
2020-05-07 14:01:23,282 [aws_consoler.logic] DEBUG: Establishing Boto3 session.
2020-05-07 14:01:23,282 [aws_consoler.logic] DEBUG: Using CLI-provided credentials.
2020-05-07 14:01:23,288 [aws_consoler.logic] INFO: Session using credential variables established.
2020-05-07 14:01:23,584 [aws_consoler.logic] INFO: Session valid, attempting to federate as arn:aws:sts::5[REDACTED].
2020-05-07 14:01:23,584 [aws_consoler.cli] CRITICAL: expected string or bytes-like object

Interesting note. Running as the same user was then working using the command line arguments. I believe this is due to me running

aws configure

I created a new user and ran first command here and replicated the issue. So this may be due to not having aws cli configured in the first place.

@aph3rson
Copy link
Contributor

aph3rson commented May 7, 2020

I suspect this is an issue with AWS Consoler not knowing what region to use - as of v1.1.0, a region is required to detect what partition should be authenticated to.

However, it doesn't look like there's a good base case (should default to the standard partition) - I'll have to make some changes to make it easier for folks.
In the short-term, you can fix this by passing -R us-east-1 on the command line.

@RyanGandrud
Copy link
Author

You seem to be correct. Passing the region yields a federation URL to use. Thanks for the quick fix!

@aph3rson aph3rson self-assigned this May 7, 2020
@aph3rson aph3rson added the bug Something isn't working label May 7, 2020
aph3rson added a commit to aph3rson/aws_consoler that referenced this issue May 7, 2020
@aph3rson
Add basecase for no region
6185395 
Working with changes in v1.1.0, support cases where no region is
supplied.

Works on NetSPI#3.
aph3rson added a commit to aph3rson/aws_consoler that referenced this issue May 7, 2020
@aph3rson
Merge branch 'issues/3' into develop
78d62ac 
Closes NetSPI#3.
@aph3rson aph3rson added the implemented This issue or pull request has been implemented, and is waiting for RC/deployment. label May 7, 2020
@aph3rson
Copy link
Contributor

aph3rson commented May 7, 2020
edited
Loading

@RyanGandrud This has been included in 1.1.1. Please give v1.1.1-rc.1 a shot from the releases page, and let me know if it works for you.

@RyanGandrud
Copy link
Author

That works! Assumes standard aws region and outputs a message stating as much.

@johnsaigle
Copy link

Had the same issue. Is this project still maintained? Maybe 1.1.1 should be released officially.

@aph3rson
Copy link
Contributor

@johnsaigle I'm no longer with the organization, I'd have to check if there's someone able to merge the changes in. You can use the workaround documented above, or grab the rc1 version.

@johnsaigle
Copy link

Sounds good, thanks for the response.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@aph3rson aph3rson

Labels
bug Something isn't working implemented This issue or pull request has been implemented, and is waiting for RC/deployment.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@aph3rson @RyanGandrud @johnsaigle