Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Does not work with aws-okta or aws-vault #7

Closed
argais opened this issue Jul 15, 2018 · 6 comments
Closed

Does not work with aws-okta or aws-vault #7

argais opened this issue Jul 15, 2018 · 6 comments

Comments

@argais
Copy link

argais commented Jul 15, 2018

These two tools allow you to save your credentials in the keychain instead of the plain text file in .aws/credentials, and they work just fine with other apps that use the aws go sdk.

But whenever I try to use saw with them I get:

➜ aws-okta exec myprofile -- saw groups
panic: SharedConfigAssumeRoleError: failed to load assume role for arn:aws:iam::REDACTED:role/secondary-role, source profile has no shared credentials

goroutine 1 [running]:
github.com/TylerBrock/saw/vendor/github.com/aws/aws-sdk-go/aws/session.Must(0x0, 0x156ea60, 0xc4200693b0, 0x0)
	/Users/tbrock/Code/Go/src/github.com/TylerBrock/saw/vendor/github.com/aws/aws-sdk-go/aws/session/session.go:274 +0x54
github.com/TylerBrock/saw/blade.NewBlade(0x17a8fc0, 0x17a8840, 0x0, 0x4)
	/Users/tbrock/Code/Go/src/github.com/TylerBrock/saw/blade/blade.go:49 +0x16a
github.com/TylerBrock/saw/cmd.glob..func3(0x17a3620, 0x17c6788, 0x0, 0x0)
	/Users/tbrock/Code/Go/src/github.com/TylerBrock/saw/cmd/groups.go:19 +0x46
github.com/TylerBrock/saw/vendor/github.com/spf13/cobra.(*Command).execute(0x17a3620, 0x17c6788, 0x0, 0x0, 0x17a3620, 0x17c6788)
	/Users/tbrock/Code/Go/src/github.com/TylerBrock/saw/vendor/github.com/spf13/cobra/command.go:766 +0x2c1
github.com/TylerBrock/saw/vendor/github.com/spf13/cobra.(*Command).ExecuteC(0x17a3880, 0x0, 0x14edded, 0x23)
	/Users/tbrock/Code/Go/src/github.com/TylerBrock/saw/vendor/github.com/spf13/cobra/command.go:852 +0x30a
github.com/TylerBrock/saw/vendor/github.com/spf13/cobra.(*Command).Execute(0x17a3880, 0xc420147f78, 0xc42009c058)
	/Users/tbrock/Code/Go/src/github.com/TylerBrock/saw/vendor/github.com/spf13/cobra/command.go:800 +0x2b
main.main()
	/Users/tbrock/Code/Go/src/github.com/TylerBrock/saw/saw.go:10 +0x2d
exit status 2

Lemme know if I can provide any other info.

@TylerBrock
Copy link
Owner

Thanks for reporting this. I've never used aws-vault or okta so I apologize for it not working straight away. Shouldn't be too tough to figure out though.

@argais
Copy link
Author

argais commented Jul 18, 2018 via email

@TylerBrock
Copy link
Owner

Was just reading about this a bit, can you describe your configuration a little bit more?

In the aws-vault docs it says for you profile to assume a role your ~/.aws/config should look something like what they have here where read-only is the source profile and admin is the one having elevated privileges.

In your case I'd expect an entry for myprofile and one for secondary-role that references myprofile as the source. I'm new to aws-vault so forgive me if this is not on target but do you have something like that in your config?

@argais
Copy link
Author

argais commented Jul 22, 2018 via email

@udondan
Copy link

udondan commented Dec 4, 2018

aws-okta works fine for me together with saw. Lil wrapper in my .bashrc and instantly worked.

function saw {
        aws-okta exec "myprofile" -- saw "$@"
}

@arnuschky
Copy link

Works fine for me with aws-vault. Nothing special, just

aws-vault exec <profile> -- saw ...

@argais argais closed this as completed Jul 6, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

4 participants