Comments (4)
Ran into this again with a user who had no ~/.aws/credentials
file in place.
Created the dummy file as shown in my initial comments and it did allow him to work.
I think either gimme-aws-creds should create the file when it is missing, or give an error for that condition with reference to the file format that will fix the problem.
from gimme-aws-creds.
Do you have anything special in ~/.aws/config
? It looks Boto doesn't like the fact that the "cloud-admin" profile is referenced in there before it has been creaetd in the credentials file.
from gimme-aws-creds.
the ~/.aws/config file has the profile mapping like
[profile wf-web]
source_profile = cloud-admin
role_arn = arn:aws:iam::xxxxxxxxx:role/admin
there is no profile "cloud-admin" since it is only used to assume roles.
Note that if I remove the ~/.aws/credentials file, I also don't error out.
RobWeaver:.aws robweaver$ gimme-aws-creds --config
If you'd like to assign the Okta configuration to a specific profile
instead of to the default profile, specify the name of the profile.
This is optional.
Okta Configuration Profile Name [DEFAULT]:
Enter the Okta URL for your organization. This is https://something.okta[preview].com
Okta URL for your organization [https://workfront.okta.com]:
Enter the URL for the gimme-creds-server or 'internal' for handling Okta APIs locally.
URL for gimme-creds-server [appurl]:
Enter the application link. This is https://something.okta[preview].com/home/amazon_aws/<app_id>/something
Application url [https://workfront.okta.com/home/amazon_aws/0oayn19za99iEjE4N2p6/272?fromHome=true]:
Do you want to write the temporary AWS to ~/.aws/credentials?
If no, the credentials will be written to stdout.
Please answer y or n.
Write AWS Credentials [n]: y
Do you want to resolve aws account id to aws alias ?
Please answer y or n.
Resolve AWS alias [n]:
Enter the ARN for the AWS role you want credentials for. 'ALL' will retrieve all roles.
This is optional, you can select the role when you run the CLI.
AWS Role ARN:
If you'd like to set your okta username in the config file, specify the username
.This is optional.
Okta User Name [robweaver]:
If you'd like to set the default session duration, specify it (in seconds).
This is optional.
AWS Default Session Duration [43200]:
If you'd like to set a preferred device type to use for MFA, enter it here.
This is optional. valid devices types:[sms, call, push, token, token:software:totp]
Preferred MFA Device Type:
The AWS credential profile defines which profile is used to store the temp AWS creds.
If set to 'role' then a new profile will be created matching the role name assumed by the user.
If set to 'default' then the temp creds will be stored in the default profile
If set to any other value, the name of the profile will match that value.
AWS Credential Profile [role]:
RobWeaver:.aws robweaver$ gimme-aws-creds
Using password from keyring for robweaver
Multi-factor Authentication required.
Pick a factor:
[ 0 ] token:software:totp( GOOGLE ) : [email protected]
Unknown MFA type: web
[ 2 ] sms: +1 XXX-XXX-4762
Selection: 0
Enter verification code: 402874
Authentication Success! Getting AWS Accounts
Pick a role:
[0] arn:aws:iam::252989011795:role/cloud-admin
Selection: 0
writing role arn:aws:iam::252989011795:role/cloud-admin to /Users/robweaver/.aws/credentials
RobWeaver:.aws robweaver$
from gimme-aws-creds.
Asked a follow-up question in #63
from gimme-aws-creds.
Related Issues (20)
- Individual Contributor License Agreement link is broken in CONTRIBUTING.md HOT 1
- [Bug] Okta MFA Verification requirement coming up each time command is run HOT 6
- Unable to use comments in .okta_aws_login_config HOT 4
- Got exception when running on windows 10 HOT 3
- Custom Domains Allowed in okta_org_url But Not app_url HOT 1
- 2 okta push instead of 1 HOT 4
- 400 Client Error: Bad Request for url https://trial-888888.okta.com/oauth2/v1/token HOT 3
- gimme-aws-creds command throw the error HOT 1
- User is forced to select mfa factor if they have setup both Okta Verify and Google Authenticator HOT 1
- Exception when encountering step-up auth with Duo Universal Prompt HOT 3
- open_browser doesn't work from config file HOT 1
- version 2.8 not available through brew on macOS HOT 1
- Does not work with Okta + Kolide HOT 1
- gimme-aws-creds version 2.8.0 fails with OAuth Client ID is required for Okta Identity Engine domains HOT 1
- v2.8.0 not available via Brew HOT 1
- Format of AWS profiles has changed in version 2.8.0 HOT 1
- AWS Format Roles Bug Fix for Homebrew HOT 3
- `force_classic` value is overridden by default when using profile inheritance
- Python error on Okta retrieval for 2.8.2
- 400 Client Error: Bad Request for url: HOT 8
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from gimme-aws-creds.