future-receptionist-60599
12/08/2022, 2:36 PM
Details: loading configuration: profile "value-dev" is configured to use SSO but is missing required configuration: sso_region, sso_start_url
When I add the missing parameters, I get error:
Error: failed to refresh cached credentials, the SSO session has expired or is invalid: open /Users/my-user/.aws/sso/cache/5b4332413256eb7492af48c99f1ed4408c4ad28e.json: no such file or directory
.aws/config:
[profile value-dev]
sso_session = my-sso
sso_account_id = 12341234123
sso_role_name = PowerUserAccess
region = eu-north-1
output = json
[sso-session my-sso]
sso_start_url = https://my-sso.awsapps.com/start
sso_region = eu-west-1
sso_registration_scopes = sso:account:access
Some version details:
$ aws --version
aws-cli/2.9.4 Python/3.11.0 Darwin/21.6.0 source/arm64 prompt/off
$ pulumi version
v3.48.0
Any help on this is appreciated!
fierce-ability-58936
12/08/2022, 7:24 PM
[profile xxx]
sso_start_url = https://xxx.awsapps.com/start#/
sso_region = ap-southeast-2
sso_account_id = 123456789
sso_role_name = AdministratorAccess
region = ap-southeast-2
aws_account_id = xxx-sso
Works with any tool (awscli, pulumi, terraform)
future-receptionist-60599
12/08/2022, 8:18 PM
error: unable to validate AWS credentials.
Details: no valid credential sources for found.
Please see
for more information about providing credentials.
Error: failed to refresh cached credentials, the SSO session has expired or is invalid: open /Users/my_user/.aws/sso/cache/5b4332413256eb7492af48c99f1ed4408c4ad28e.json: no such file or directory
This is my profile in ~/.aws/config
[profile my-profile]
sso_start_url = https://xxx.awsapps.com/start
sso_region = eu-west-1
sso_account_id = 123415123123
sso_role_name = PowerUserAccess
region = eu-north-1
output = json
sparse-gold-10561
12/12/2022, 8:52 PM
fierce-ability-58936
12/12/2022, 9:15 PM
`aws sso login --profile xxx` pretty often.
Not sure about the complaints about the cache, though, I'd try to remove it if it still doesn't work. Maybe check if the directory /Users/my_user/.aws/sso/cache/ exists first
future-receptionist-60599
12/13/2022, 5:55 AM
fierce-ability-58936
12/13/2022, 7:01 PM
aws --profile value-dev sts get-caller-identity
future-receptionist-60599
12/14/2022, 6:49 AM
`aws configure sso` and left the SSO session name empty (as in the screenshot) it started working. Now both awscli and pulumi work.
BUT
If I try to destroy an already created stack created by manually creating a profile in `~/.aws/credentials`:
[806232589401_AdministratorAccess]
aws_access_key_id=<access_key>
aws_secret_access_key=<secret_key>
aws_session_token=<session_token>
The destroy does not work with those profiles created with `aws configure sso`, instead I get error:
error: 1 error occurred:
* error retrieving account details: AWS account ID not previously found and failed retrieving via all available methods. See https://www.terraform.io/docs/providers/aws/index.html#skip_requesting_account_id for workaround and implications. Errors: 3 errors occurred:
* failed getting account information via iam:GetUser: operation error IAM: GetUser, https response error StatusCode: 403, RequestID: c8c05dfc-6d04-4fc4-a3f9-d61b3ca98aa1, api error ExpiredToken: The security token included in the request is expired
* error calling sts:GetCallerIdentity: operation error STS: GetCallerIdentity, https response error StatusCode: 403, RequestID: 0967fe21-111a-4608-90f7-51f42afd87a0, api error ExpiredToken: The security token included in the request is expired
* failed getting account information via iam:ListRoles: operation error IAM: ListRoles, https response error StatusCode: 403, RequestID: a28cce26-ac6d-464c-b10b-a411776f4878, api error ExpiredToken: The security token included in the request is expired