Terraform S3 backend with AWS SSO profile fails again #32684
Comments
|
I am using latest version of aws cli 2 ( aws --version $ terraform version
Terraform v1.3.8
on linux_amd64
$ aws --version
aws-cli/2.9.23 Python/3.11.2 Linux/5.4.0-139-generic source/x86_64.ubuntu.20 prompt/off
When i do aws configure sso
SSO session name (Recommended): xxxx
SSO start URL [None]: https://xxxxxx.awsapps.com/start
SSO region [None]: eu-west-1
SSO registration scopes [sso:account:access]:
Attempting to automatically open the SSO authorization page in your default browser.
If the browser does not open or you wish to use a different device to authorize this request, open the following URL:
https://device.sso.eu-west-1.amazonaws.com/
Then enter the code:
LV....
The only AWS account available to you is: 34176412xxxx
Using the account ID 34176412xxxx
The only role available to you is: AdministratorAccess
Using the role name "AdministratorAccess"
CLI default client Region [None]: us-east-1
CLI default output format [None]: json
To use this profile, specify the profile name using --profile, as shown:
aws s3 ls --profile AdministratorAccess-34176412xxxx
it outputs an aws config file like: [profile AdministratorAccess-34176412XXX]
sso_session = test
sso_account_id = 34176412XXXX
sso_role_name = AdministratorAccess
region = us-east-1
output = json
sso_start_url = https://xxxxx.awsapps.com/start
sso_region = eu-west-1
[sso-session xxx]
sso_start_url = https://xxxxx.awsapps.com/start
sso_region = eu-west-1
sso_registration_scopes = sso:account:accessaws cli2 works fine: export AWS_PROFILE=AdministratorAccess-34176412XXXX
export AWS_DEFAULT_REGION=us-east-1
aws s3 ls
....
produces output
....
aws sts get-caller-identity (it also works)
aws sts get-caller-identity --no-cli-pager
{
"UserId": "AROAU7EV2UMVEXYYYYYY:[email protected]",
"Account": "34176412XXX",
"Arn": "arn:aws:sts::34176412XXX:assumed-role/AWSReservedSSO_AdministratorAccess_b6d5d75deb6254bb/[email protected]"
}But terraform outputs: terraform init -backend-config=backend_config/sbox.conf
Initializing modules...
Initializing the backend...
╷
│ Error: error configuring S3 Backend: Error creating AWS session: profile "AdministratorAccess-34176412xxx" is configured to use SSO but is missing required configuration: sso_region, sso_start_url
│
│
╵
Also did what was working before: $ AWS_DEFAULT_PROFILE=AdministratorAccess-34176412xxxx terraform init -backend-config=backend_config/sbox.conf
Initializing modules...
Initializing the backend...
╷
│ Error: error configuring S3 Backend: Error creating AWS session: profile "AdministratorAccess-34176412xxxx" is configured to use SSO but is missing required configuration: sso_region, sso_start_url
│
│
╵
$ AWS_PROFILE=AdministratorAccess-34176412xxxx terraform init -backend-config=backend_config/sbox.conf
Initializing modules...
Initializing the backend...
╷
│ Error: error configuring S3 Backend: Error creating AWS session: profile "AdministratorAccess-34176412xxxx" is configured to use SSO but is missing required configuration: sso_region, sso_start_url
│
│ |
omerfsen
changed the title
|
relates to #32465 the s3 backend doesnt support sso session :( |
|
|
Duplicate of #28263 so will close this issue. Also workaround defined on hashicorp/terraform-provider-aws#28263 (comment) |
crw
added
bug
backend/s3
duplicate
|
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. |
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.
Originally posted by @github-actions[bot] in #28872 (comment)
The text was updated successfully, but these errors were encountered: