Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Please support Cognito authentication using roles #11

Open
cafl opened this issue Jul 30, 2019 · 5 comments
Open

Please support Cognito authentication using roles #11

cafl opened this issue Jul 30, 2019 · 5 comments

Comments

@cafl
Copy link

cafl commented Jul 30, 2019

It seems you only accept a key/password IAM credential. Using a role is a best practice. In the aws config file this is specified as follows (example from aws cli documentation):
[profile marketingadmin]
role_arn = arn:aws:iam::123456789012:role/marketingadminrole
credential_source = Ec2InstanceMetadata
@ophintor
Copy link

ophintor commented Aug 14, 2019
edited

This also does not work from a EC2 instance that has an instance profile assigned and therefore straight access to AWS. Why are you forcing the --profile or credential parameters?

This is the error I got:

$ cbr backup --region eu-west-2 --pool xxxxxx --dir /tmp/cognitobackup
fs.js:114
    throw err;
    ^

Error: ENOENT: no such file or directory, open '/home/ec2-user/.aws/credentials'
    at Object.openSync (fs.js:443:3)
    at Object.readFileSync (fs.js:343:35)
    at Object.readFileSync (/usr/lib/node_modules/cognito-backup-restore/node_modules/aws-sdk/lib/util.js:95:26)
    at IniLoader.parseFile (/usr/lib/node_modules/cognito-backup-restore/node_modules/aws-sdk/lib/shared-ini/ini-loader.js:6:47)
    at IniLoader.loadFrom (/usr/lib/node_modules/cognito-backup-restore/node_modules/aws-sdk/lib/shared-ini/ini-loader.js:56:30)
    at Object.<anonymous> (/usr/lib/node_modules/cognito-backup-restore/build/cli/options.js:48:39)
    at Module._compile (internal/modules/cjs/loader.js:778:30)
    at Object.Module._extensions..js (internal/modules/cjs/loader.js:789:10)
    at Module.load (internal/modules/cjs/loader.js:653:32)
    at tryModuleLoad (internal/modules/cjs/loader.js:593:12)

@vladistan
Copy link
Contributor

This is actually very easy to fix. Somebody already done that

jakubkrzykowski@0340e77

I have his commit in my own fork of this repo. What's missing before it's final is to make some type of parameter to switch to this behavior

@steveizzle steveizzle mentioned this issue Apr 11, 2020
Merged
@rahulpsd18
Copy link
Owner

Can you please try using v1.3.1 and let me know if this is fixed?

@idharper
Copy link

idharper commented Aug 6, 2020

I am trying v1.3.2 but it is still looking in .aws/credentials even when I give it a profile from .aws/config which has a role.

I am trying
cbr backup --profile my-role --region us-east-2 --userpool all

But it comes back asking for my AWS profile and offering the 2 I have in .aws/credential

Am I doing something wrong ?

@rutabagaman
Copy link

I am trying v1.3.2 but it is still looking in .aws/credentials even when I give it a profile from .aws/config which has a role.
I am trying
cbr backup --profile my-role --region us-east-2 --userpool all
But it comes back asking for my AWS profile and offering the 2 I have in .aws/credential
Am I doing something wrong ?

I have this exact same issue with v1.3.2. I have an .aws/credentials file and an .aws/config file with the role. It keeps prompting me for the 2 entries I have in .aws/credential and ignores the profile name i passed in.

Any resolution on this?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
6 participants
@vladistan @cafl @ophintor @rutabagaman @idharper @rahulpsd18