Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

cli: unable to resolve AWS account to use with CLI with SSO #24744

Closed
astef opened this issue Mar 22, 2023 · 29 comments
Closed

cli: unable to resolve AWS account to use with CLI with SSO #24744

astef opened this issue Mar 22, 2023 · 29 comments
Assignees
Labels
@aws-cdk/aws-sso Related to the @aws-cdk/aws-sso package bug This issue is a bug. effort/medium Medium work item – several days of effort p1 package/tools Related to AWS CDK Tools or CLI

Comments

@astef
Copy link

astef commented Mar 22, 2023

Describe the bug

Approximately in 25% of npx cdk deploy --all --require-approval never runs, I'm getting this error:

~/rep/myproject/cdk> npx cdk deploy --all --require-approval never
Bundling asset MyData/keyGenerator/Code/Stage...
Bundling asset MyApi/statusFunction/Code/Stage...
Bundling asset MyApi/importFunction/Code/Stage...
Bundling asset MyApi/getReportFunction/Code/Stage...
Bundling asset MyApi/getMetricsFunction/Code/Stage...
[WARNING] aws-cdk-lib.aws_apigateway.RestApiProps#minimumCompressionSize is deprecated.
  - superseded by `minCompressionSize`
  This API will be removed in the next major release.

✨  Synthesis time: 7.83s

MyData: building assets...

MyApi: building assets...


 ❌ Building assets failed: Error: Building Assets Failed: Error: Unable to resolve AWS account to use. It must be either configured when you define your CDK Stack, or through the environment, Error: Unable to resolve AWS account to use. It must be either configured when you define your CDK Stack, or through the environment
    at buildAllStackAssets (/Users/me/rep/myproject/cdk/node_modules/.pnpm/aws-cdk@2.69.0/node_modules/aws-cdk/lib/index.js:374:115279)
    at async CdkToolkit.deploy (/Users/me/rep/myproject/cdk/node_modules/.pnpm/aws-cdk@2.69.0/node_modules/aws-cdk/lib/index.js:374:143496)
    at async exec4 (/Users/me/rep/myproject/cdk/node_modules/.pnpm/aws-cdk@2.69.0/node_modules/aws-cdk/lib/index.js:429:51795)

Building Assets Failed: Error: Unable to resolve AWS account to use. It must be either configured when you define your CDK Stack, or through the environment, Error: Unable to resolve AWS account to use. It must be either configured when you define your CDK Stack, or through the environment

I've started to experience this after changing my env to the following:

~/.aws/config

[profile sandbox]
sso_session = sandbox
sso_account_id = 111111111111111
sso_role_name = AdministratorAccess
region = us-east-1
[sso-session sandbox]
sso_start_url = https://example.com/start
sso_region = eu-central-1
sso_registration_scopes = sso:account:access
[profile staging]
sso_session = staging
sso_account_id = 222222222222
sso_role_name = AdministratorAccess
region = us-east-1
[sso-session staging]
sso_start_url = https://example.com/start
sso_region = eu-central-1
sso_registration_scopes = sso:account:access

~/.aws/credentials - empty file

~/.zshrc

export AWS_DEFAULT_PROFILE=sandbox

This setup works perfectly for me, because I can switch profiles with only AWS_DEFAULT_PROFILE env variable. AWS SDK understands it and works perfectly.

For whatever reason, CDK tool sometimes fails in the middle of the deployment. After repeating the same command immediately, it succeeds.

Expected Behavior

Not to fail.

Current Behavior

Failure (sometimes)

Reproduction Steps

Didn't do, but I'm seeing this in different totally independent projects on same machine.

Possible Solution

No response

Additional Information/Context

No response

CDK CLI Version

2.69.0 (build 60a5b2a)

Framework Version

No response

Node.js Version

v16.19.1

OS

macOS Ventura 13.2.1

Language

Typescript

Language Version

TypeScript (4.9.5)

Other information

No response

@astef astef added bug This issue is a bug. needs-triage This issue or PR still needs to be triaged. labels Mar 22, 2023
@github-actions github-actions bot added the package/tools Related to AWS CDK Tools or CLI label Mar 22, 2023
@pahud pahud changed the title cli: unable to resolve AWS account to use (race condition) cli: unable to resolve AWS account to use with CLI with SSO Mar 22, 2023
@pahud
Copy link
Contributor

pahud commented Mar 22, 2023

Thank you for your report. Yes I occasionally have this issue as well but I can't find the root cause. I am making it p1 bug here and we probably need more feedback before we can identify the root cause.

@pahud pahud added p1 effort/medium Medium work item – several days of effort and removed needs-triage This issue or PR still needs to be triaged. labels Mar 22, 2023
@pahud
Copy link
Contributor

pahud commented Mar 23, 2023

Hi

Does it work by running:

AWS_PROFILE=sandbox cdk synth

If it does not, can you share your log with -vv ?

For example:

AWS_PROFILE=sandbox cdk synth -vv | head -n 10

You should see logs like this

[19:43:25] Determining if we're on an EC2 instance.
[19:43:25] Does not look like an EC2 instance.
[19:43:25] Toolkit stack: CDKToolkit
[19:43:25] Setting "CDK_DEFAULT_REGION" environment variable to us-east-1
[19:43:25] Resolving default credentials
[19:43:25] Reading cached notices from /Users/<deducted>/.cdk/cache/notices.json
[19:43:25] Looking up default account ID from STS
[19:43:26] [AWS sts 200 1.019s 0 retries] getCallerIdentity({})
[19:43:26] Default account ID: <deducted>
[19:43:26] Setting "CDK_DEFAULT_ACCOUNT" environment variable to <deducted>
[19:43:26] context: {

@pahud pahud added the @aws-cdk/aws-sso Related to the @aws-cdk/aws-sso package label Mar 27, 2023
@corymhall corymhall added p2 needs-reproduction This issue needs reproduction. and removed p1 labels May 2, 2023
@mfittko
Copy link

mfittko commented Jul 25, 2023

Having the same issue on like 1/5th of all cdk deploys and it's driving me nuts. Re-run usually works though.

@astef
Copy link
Author

astef commented Jul 26, 2023

I have the same symptom as mfittko mentioned. ~20% of time, and autoheals after rerun.

Error text:

 ❌ Deployment failed: Error: Unable to resolve AWS account to use. It must be either configured when you define your CDK Stack, or through the environment
    at SdkProvider.resolveEnvironment (/Users/astef/proj/cdk/node_modules/.pnpm/aws-cdk@2.81.0/node_modules/aws-cdk/lib/index.js:310:47706)
    at async Deployments.prepareSdkFor (/Users/astef/proj/cdk/node_modules/.pnpm/aws-cdk@2.81.0/node_modules/aws-cdk/lib/index.js:400:7608)
    at async Deployments.isSingleAssetPublished (/Users/astef/proj/cdk/node_modules/.pnpm/aws-cdk@2.81.0/node_modules/aws-cdk/lib/index.js:400:11801)
    at async WorkGraph.removeUnnecessaryAssets (/Users/astef/proj/cdk/node_modules/.pnpm/aws-cdk@2.81.0/node_modules/aws-cdk/lib/index.js:400:137364)
    at async CdkToolkit.removePublishedAssets (/Users/astef/proj/cdk/node_modules/.pnpm/aws-cdk@2.81.0/node_modules/aws-cdk/lib/index.js:402:5081)
    at async CdkToolkit.deploy (/Users/astef/proj/cdk/node_modules/.pnpm/aws-cdk@2.81.0/node_modules/aws-cdk/lib/index.js:400:152337)
    at async exec4 (/Users/astef/proj/cdk/node_modules/.pnpm/aws-cdk@2.81.0/node_modules/aws-cdk/lib/index.js:455:51970)

The environment is the same, as I posted, but CDK version is now 2.79.0 (build e4a2c01)

I think it was ok for at least one version between 2.69.0 and 2.79.0

@GritWins
Copy link

I have been trying to resolve this for a few hours now and almost tried everything said/suggested in different Github issues and Tickets.

  1. Combined the .aws/config and .aws/credentials file
  2. Matched the profile name between both files
  3. Removed the default profile entirely from both files
  4. added profile keyword into the cdk.json
  5. Reinstalled aws-cdk
  6. tried directly running cdk bootstrap ACCOUNTNO/REGION
  7. Tried setting NODE_TLS_REJECT_UNAUTHORIZED=0.

I don't remember spending this much time just for authentication so far in any of the tools.

awscli version - aws-cli/2.13.3 Python/3.11.4 Darwin/22.1.0 exe/x86_64 prompt/off
cdk npm version - 2.96.2 (build 3edd240)

CDK was supposed to help me automate things and reduce my load but now am spending lot of time in setting up the CDK itself 👎 😒

@m6a-UdS
Copy link

m6a-UdS commented Oct 3, 2023

I just wanted to add that in my case, it looks like it has something to do with the browser: When it happens (that my SSO session expired, but randomly seem not to be able to re-login), copy-pasting the URL in another browser and completing the login cycle there seems to solve the problem.

@jwholme2
Copy link

jwholme2 commented Oct 9, 2023

I just wanted to add that in my case, it looks like it has something to do with the browser: When it happens (that my SSO session expired, but randomly seem not to be able to re-login), copy-pasting the URL in another browser and completing the login cycle there seems to solve the problem.

I have the same results. My SSO session has expired, so I login via the browser again, restart vs code, and everything seems to work.

@object-Object
Copy link

One possible workaround is to add a script or command to the build property in cdk.json which raises an error if the CDK_DEFAULT_ACCOUNT environment variable is not set. This doesn't fix the issue, but it causes the synth/deploy to fail much earlier than it otherwise would - I've found it very helpful.

@calid
Copy link

calid commented Dec 4, 2023

I also get the "Unable to resolve AWS account to use" error when my sso session has expired. I am able to fix by running
aws sso login.

$ cdk deploy -v --profile foo
...
 ❌ Deployment failed: Error: Unable to resolve AWS account to use. It must be either configured when you define your CDK Stack, or through the environment
    at SdkProvider.resolveEnvironment (/home/dmc/.nvm/versions/node/v18.18.0/lib/node_modules/aws-cdk/lib/index.js:384:14622)
    at async Deployments.prepareSdkFor (/home/dmc/.nvm/versions/node/v18.18.0/lib/node_modules/aws-cdk/lib/index.js:424:7691)
    at async Deployments.isSingleAssetPublished (/home/dmc/.nvm/versions/node/v18.18.0/lib/node_modules/aws-cdk/lib/index.js:424:11602)
    at async /home/dmc/.nvm/versions/node/v18.18.0/lib/node_modules/aws-cdk/lib/index.js:424:165621
[11:20:33] Reading cached notices from /home/dmc/.cdk/cache/notices.json

Unable to resolve AWS account to use. It must be either configured when you define your CDK Stack, or through the environment
[11:20:33] Error: Unable to resolve AWS account to use. It must be either configured when you define your CDK Stack, or through the environment
    at SdkProvider.resolveEnvironment (/home/dmc/.nvm/versions/node/v18.18.0/lib/node_modules/aws-cdk/lib/index.js:384:14622)
    at async Deployments.prepareSdkFor (/home/dmc/.nvm/versions/node/v18.18.0/lib/node_modules/aws-cdk/lib/index.js:424:7691)
    at async Deployments.isSingleAssetPublished (/home/dmc/.nvm/versions/node/v18.18.0/lib/node_modules/aws-cdk/lib/index.js:424:11602)
    at async /home/dmc/.nvm/versions/node/v18.18.0/lib/node_modules/aws-cdk/lib/index.js:424:165621

After aws sso login:

$ cdk deploy -v --profile foo
...
Do you wish to deploy these changes (y/n)?

I can also repro and re-trigger the error simply by running aws sso logout

My ~/.aws/config is structured like:


[sso-session my_session]
sso_start_url = https://d-xxxxxxxxxx.awsapps.com/start
sso_region = us-east-1

[default]
sso_session = my_session

[profile profile_a]
sso_session = my_session
sso_account_id = 01234
sso_role_name = MyRole
region = us-east-1

[profile profile_b]
sso_session = my_session
sso_account_id = 56789
sso_role_name = MyRole
region = us-east-1

@drewmullen
Copy link

ive been using AWS sso temp creds for weeks. not really had an issue till tonight. same issue as described above

@mfittko
Copy link

mfittko commented Dec 29, 2023

I have been getting this issue on multiple systems with various cdk CLI versions and it never disappeared to date. It drove me so nuts, that I have created a command wrapper script that actually ensures that I am logged in as it is using aws cli to retrieve the current profile's account ID. I pass this profile into the cdk command and I am 100% sure that I even set the AWS_ACCOUNT_ID env variable and the AWS_PROFILE env variable, but still, I am sometimes getting this!

So I am also setting CDK_DEFAULT_ACCOUNT now when constructing/running the cdk command from my wrapper tool, which should hopefully "fix" the issue.

@jedrekdomanski
Copy link
Contributor

I have the same problem. I have 3 different profiles of which 2 are configured with sso and one is my private account and I see this in the logs

Unable to determine the default AWS account (ProcessCredentialsProviderFailure): Profile jedrek did not include credential process

~/.aws/.config

[profile jedrek]
region = eu-central-1
output = json
cli_pager =

~/.aws/.credentials

[jedrek]
AWS_ACCESS_KEY_ID=xxxxxxx
AWS_SECRET_ACCESS_KEY=xxxxxx

I can list my files in my S3 bucket aws s3 ls and it gives me proper result so my account is 100% configured correctly.

I just want to mention that CDK used to work for me before I configured the two SSO accounts in AWS CLI.

Is there a fix for this? I simply cannot deploy my stack to AWS now at all :(

@mfittko
Copy link

mfittko commented Jan 14, 2024

Did you try setting the account id via CDK_DEFAULT_ACCOUNT? I know it's an ugly hack and something in cdk is broken, but that helped for me.

@jedrekdomanski
Copy link
Contributor

Did you try setting the account id via CDK_DEFAULT_ACCOUNT? I know it's an ugly hack and something in cdk is broken, but that helped for me.

Of course I did and it still doesn't work. I even did export CDK_DEFAULT_ACCOUNT=xxxxx and export CDK_DEFAULT_REGION=eu-central-1 and then I get a different error:

❌ Deployment failed: Error: Need to perform AWS calls for account xxxxxx, but no credentials have been configured

@mfittko
Copy link

mfittko commented Mar 5, 2024

we're still all getting this intermittently when running cdk commands, even if setting CDK_DEFAULT_ACCOUNT and the aws account on the stacks. Any plans on tackling this?

@pahud pahud removed the p2 label Mar 5, 2024
@pahud pahud added p1 and removed needs-reproduction This issue needs reproduction. labels Mar 5, 2024
@jrbryo
Copy link

jrbryo commented Apr 17, 2024

I just saw this as well. I restarted my terminal session and everything worked again.

@DimitriosKay
Copy link

DimitriosKay commented Apr 23, 2024

Having the same issues come out of nowhere, running for a week now.

Tried all the common suggestions:
logging out and in (restarting terminals), using a different browser to authenticate, with/without default profile, with/without a .aws/credentials file

Still getting the:
Unable to determine the default AWS account (ProcessCredentialsProviderFailure): Profile X did not include credential process

Here is my .aws/config:

[profile main]
sso_session = user
sso_account_id = XXX
sso_role_name = AdministratorAccess
region = eu-west-2
output = json
[profile support]
sso_session = user
sso_account_id = XXX
sso_role_name = SupportAccess
region = eu-west-2
output = json
[sso-session user]
sso_start_url = https://samp.awsapps.com/start/#
sso_region = eu-west-2
sso_registration_scopes = sso:account:access

Correct me if I'm wrong, but the idea behind this sso-session block above is so you don't input AWS_ACCESS_KEY_ID=xxxxxxx and AWS_SECRET_ACCESS_KEY=xxxxxx.

Should also add, I have replicated the exact same setup on a different machine and it works just fine. AWS CLI works fine even where CDK doesn't.
What does CDK do under the hood that can cause it not to recognise the files under .aws/sso/cache ? (if that's at all what it pulls when you run an aws sso login)

Dev Environment:
CDK: 2.137.0
CLI: 2.15.40

EDIT (fix for users with ESET Security on Windows):

Had the notion something must have changed on my work environment, things that have been working for a year don't just break.
I'm on Windows and have ESET Security set up.
Long story short ESET had an update exactly one week ago (17 April) and that took out my npm and cdk. Seems to be something to do with certificates.

To those who have been facing CDK ProcessCredentialsProviderFailure issues, have a dig at the below links.
Fix is simple if you are a Windows user with an ESET Security install.

https://stackoverflow.com/a/78347970/11131550
https://forum.eset.com/topic/40702-eset-ssl-protection-produces-an-invalid-certificate-chain-for-nodejs-apps/

@calid
Copy link

calid commented Apr 23, 2024

@DimitriosKay try adding a default section with your sso-session set:

[sso-session user]
sso_start_url = https://samp.awsapps.com/start/#
sso_region = eu-west-2
sso_registration_scopes = sso:account:access

[default]
sso_session = user

@DimitriosKay
Copy link

@calid I have this in and out at times. Mostly it allows me not to specify a profile on sso login so far.
I have updated my comment with my solution to the issue. Very specific case no doubt, but it may help someone.

@kevin-donovan-zocdoc
Copy link

Hi is there any update on this? None of the workarounds work for me. I don't see this issue all of the time, but once I hit it, I get it consistently.

@mfittko
Copy link

mfittko commented Apr 30, 2024

I built a small ruby based CLI tools and wrapped all my cdk calls in a retry method that calls aws sso login if the cdk call fails and retries 😅

@oosawy
Copy link

oosawy commented May 4, 2024

After this error occurs many times, with aws sso login then cdk with --profile instead of AWS_PROFILE env like cdk bootstrap --profile oosawy-dev worked for me.

And this error occurred again with cdk bootstrap even cdk bootstrap --profile $AWS_PROFILE works.

Does cdk not support even a basic AWS_PROFILE env?

@gdratp
Copy link

gdratp commented Jun 17, 2024

In my case unless I export it explicitly it won't work.
AWS_PROFILE=profile-name npx cdk deploy doesn't work. But
export AWS_PROFILE=profile-name; npx cdk deploy does work.

@maxsitu
Copy link

maxsitu commented Jul 24, 2024

I got the same issue. And I finally solved it by bootstraping CDK, running

npx cdk bootstrp aws://${AWS_ACCT_ID}/${AWS_REGION} --profile ${AWS_PROFILE}

@ChrisBoik
Copy link

Found a solution for me, hope it helps someone:

I have both SSO profiles & credentials defined (including default).

I deleted (saved elsewhere) the config file contents, and simply placed a single [default] credential in credentials file (using access key format) and then set AWS_PROFILE=default (probably not necessary). Then ran my commands (in my case npx ampx sandbox --debug for amplify gen 2) and it finally stopped giving me the error which links to this issue. (see below error)

Amplify Gen 2 (nppx ampx sandbox) command error: > Unable to resolve AWS account to use. It must be either configured when you define e environment

Unable to resolve AWS account to use. It must be either configured when you define your CDK Stack, or through the env
Caused By: Unable to resolve AWS account to use. It must be either configured when you define your CDK Stack, or thro

Resolution: You can retry your last request as this is most likely a transient issue: https://github.com/aws/aws-cdk/rsists ensure your local AWS credentials are valid.

@otaviomacedo otaviomacedo self-assigned this Oct 2, 2024
@TheRealAmazonKendra
Copy link
Contributor

I'm fairly certain this should have been fixed when we upgraded our AWS SDK to v2.1691.0 because of aws/aws-sdk-js#4443. Can you please upgrade your cdk cli to our most recent version and see if this is still impacting you?

If it is, you should see a resolution when #31702 is merged.

@TheRealAmazonKendra TheRealAmazonKendra self-assigned this Oct 10, 2024
@mfittko
Copy link

mfittko commented Oct 10, 2024

I can confirm that this has been fixed for us for a while now, cannot exactly say when and how, but it definitely did not occur any more lately. If so, thanks a lot, this was always pretty annoying!

@otaviomacedo otaviomacedo added the response-requested Waiting on additional info and feedback. Will move to "closing-soon" in 7 days. label Oct 25, 2024
@otaviomacedo
Copy link
Contributor

Waiting for more people to confirm the fix before closing the issue.

@github-actions github-actions bot removed the response-requested Waiting on additional info and feedback. Will move to "closing-soon" in 7 days. label Oct 25, 2024
otaviomacedo added a commit that referenced this issue Nov 12, 2024
This PR updates the CDK CLI to use the AWS SDK V3 instead of V2. 

### Manual Test Cases for Authorization
All tests were run verbosely so that I could manually check the
credentials being used from the CLI output.

- [x] No credentials setup and no default profile fails as expected
(established to ensure nothing was unintentionally setup)
- [x] Explicitly provided profile sourced from config file, tested with
both `--profile` and `AWS_PROFILE`
  - [x] `aws_access_key_id` and `aws_secret_access_key`
  - [x] `aws_access_key_id` and `aws_secret_access_key` and `region`
- [x] `source_profile` and `role_arn` that points to another profile
with `aws_access_key_id` and `aws_secret_access_key` in both config and
credentials
  - [x] `source_profile` and `role_arn` that points to Environment
- [x] `source_profile` that and `role_arn` that points to SSO profile in
both config and credentials
- [x] SSO both using all fields in `[profile]` and split between
`[sso-session]` and `[profile]`
  - [x] `credential_source` is Environment
  - [x] `credential_process`
- [x] Explicitly provided profile sourced from  credentials file
  - [x] `aws_access_key_id` and `aws_secret_access_key`
  - [x] `aws_access_key_id` and `aws_secret_access_key` and `region`
- [x] `source_profile` and `role_arn` that points to another profile
with `aws_access_key_id` and `aws_secret_access_key` in both config and
credentials
  - [x] `source_profile` and `role_arn` that points to Environment
- [x] `source_profile` that and `role_arn` that points to SSO profile in
both config and credentials
  - [x]  `credential_source` is Environment
  - [x] `credential_source` is EcsContainer (integ tests in CodeBuild)
  - [x] `credential_process`
- [x] Default profile (in both config file and credentials file)
- [x] `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` environment
variables set (cleared after test)
- [x] `AMAZON_ACCESS_KEY_ID` and `AMAZON_SECRET_ACCESS_KEY` environment
variables set (cleared after test)
  - [x] `aws_access_key_id` and `aws_secret_access_key`
  - [x] `aws_access_key_id` and `aws_secret_access_key` and `region`
- [x] `source_profile` and `role_arn` that points to a profile with
`aws_access_key_id` and `aws_secret_access_key`
- [x] `source_profile` and `role_arn` that points to Environment (this
will use `fromEnv` prior to getting to looking for `source_profile` in
the Ini file)
  - [x] SSO profile is setup as default 
  - [x] `credential_process`

Closes #25870, #26292, #20956, #24744, #27265, 20896.

### Reason for this change

The AWS SDK V2 is now in maintenance mode.

----

*By submitting this pull request, I confirm that my contribution is made
under the terms of the Apache-2.0 license*

---------

Co-authored-by: Otavio Macedo <288203+otaviomacedo@users.noreply.github.com>
Co-authored-by: Rico Huijbers <rix0rrr@gmail.com>
otaviomacedo pushed a commit that referenced this issue Nov 12, 2024
This PR updates the CDK CLI to use the AWS SDK V3 instead of V2.

### Manual Test Cases for Authorization
All tests were run verbosely so that I could manually check the
credentials being used from the CLI output.

- [x] No credentials setup and no default profile fails as expected
(established to ensure nothing was unintentionally setup)
- [x] Explicitly provided profile sourced from config file, tested with
both `--profile` and `AWS_PROFILE`
  - [x] `aws_access_key_id` and `aws_secret_access_key`
  - [x] `aws_access_key_id` and `aws_secret_access_key` and `region`
- [x] `source_profile` and `role_arn` that points to another profile
with `aws_access_key_id` and `aws_secret_access_key` in both config and
credentials
  - [x] `source_profile` and `role_arn` that points to Environment
- [x] `source_profile` that and `role_arn` that points to SSO profile in
both config and credentials
- [x] SSO both using all fields in `[profile]` and split between
`[sso-session]` and `[profile]`
  - [x] `credential_source` is Environment
  - [x] `credential_process`
- [x] Explicitly provided profile sourced from  credentials file
  - [x] `aws_access_key_id` and `aws_secret_access_key`
  - [x] `aws_access_key_id` and `aws_secret_access_key` and `region`
- [x] `source_profile` and `role_arn` that points to another profile
with `aws_access_key_id` and `aws_secret_access_key` in both config and
credentials
  - [x] `source_profile` and `role_arn` that points to Environment
- [x] `source_profile` that and `role_arn` that points to SSO profile in
both config and credentials
  - [x]  `credential_source` is Environment
  - [x] `credential_source` is EcsContainer (integ tests in CodeBuild)
  - [x] `credential_process`
- [x] Default profile (in both config file and credentials file)
- [x] `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` environment
variables set (cleared after test)
- [x] `AMAZON_ACCESS_KEY_ID` and `AMAZON_SECRET_ACCESS_KEY` environment
variables set (cleared after test)
  - [x] `aws_access_key_id` and `aws_secret_access_key`
  - [x] `aws_access_key_id` and `aws_secret_access_key` and `region`
- [x] `source_profile` and `role_arn` that points to a profile with
`aws_access_key_id` and `aws_secret_access_key`
- [x] `source_profile` and `role_arn` that points to Environment (this
will use `fromEnv` prior to getting to looking for `source_profile` in
the Ini file)
  - [x] SSO profile is setup as default
  - [x] `credential_process`

Closes #25870, #26292, #20956, #24744, #27265, 20896.

### Reason for this change

The AWS SDK V2 is now in maintenance mode.

----

*By submitting this pull request, I confirm that my contribution is made
under the terms of the Apache-2.0 license*

---------

Co-authored-by: Otavio Macedo <288203+otaviomacedo@users.noreply.github.com>
Co-authored-by: Rico Huijbers <rix0rrr@gmail.com>

(cherry picked from commit 5bc0662)
Copy link

Comments on closed issues and PRs are hard for our team to see.
If you need help, please open a new issue that references this one.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Nov 20, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
@aws-cdk/aws-sso Related to the @aws-cdk/aws-sso package bug This issue is a bug. effort/medium Medium work item – several days of effort p1 package/tools Related to AWS CDK Tools or CLI
Projects
None yet
Development

No branches or pull requests