Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

sso_region is ignored when region differs in profile #8668

Open
jzelinskie opened this issue May 3, 2024 · 3 comments
Open

sso_region is ignored when region differs in profile #8668

jzelinskie opened this issue May 3, 2024 · 3 comments
Assignees
@RyanFitzSimmonsAK
Labels
bug This issue is a bug. credential-provider p3 This is a minor priority issue response-requested Waiting on additional info and feedback. Will move to "closing-soon" in 7 days.

Comments

@jzelinskie
Copy link

Describe the bug

Given an AWS config with a single session and two profiles, if the profiles differ in region, the session cannot be shared, even if the sso-region is the same.

Expected Behavior

A login session from profile-east can be shared with profile-west

Current Behavior

A login to profile-east will not share a session with profile-west, despite having the same sso-region.

Reproduction Steps

$ cat ~/.aws/config
[sso-session my-session]
sso_start_url = https://my-org.awsapps.com/start
sso_region = us-east-1
sso_registration_scopes = sso:account:access

[profile profile-east]
sso_session = mysession
sso_role_name = admin
sso_account_id = 1110987654321
region = us-east-1

[profile profile-west]
sso_session = mysession
sso_role_name = admin
sso_account_id = 1234567891011
region = us-west-2

$ aws sso login --profile profile-east
...

$ aws eks list-clusters --profile profile-west

Possible Solution

No response

Additional Information/Context

No response

CLI version used

aws-cli/2.15.42 Python/3.11.9 Darwin/23.4.0 source/arm64 prompt/off

Environment details (OS name and version, etc.)

macOS 14.4.1
@jzelinskie jzelinskie added bug This issue is a bug. needs-triage This issue or PR still needs to be triaged. labels May 3, 2024
@RyanFitzSimmonsAK RyanFitzSimmonsAK self-assigned this May 7, 2024
@RyanFitzSimmonsAK RyanFitzSimmonsAK added investigating This issue is being investigated and/or work is in progress to resolve the issue. credential-provider p3 This is a minor priority issue and removed needs-triage This issue or PR still needs to be triaged. labels May 7, 2024
@RyanFitzSimmonsAK
Copy link
Contributor

RyanFitzSimmonsAK commented May 7, 2024
edited

Hi @jzelinskie, thanks for reaching out. I wasn't able to reproduce this behavior. I have one sso-session with sso_region = us-west-2. I have two profiles with different regions (us-west-2 and us-west-1) that are otherwise identical. In my testing, I was able to access resources from my us-west-1 profile after logging into my us-west-2 profile. Am I misunderstanding the issue in some way?

Could you tell me exactly what error you're getting? Debug logs would be appreciated. You can get debug logs by adding --debug to your command, and redacting any sensitive information. Thanks!

@RyanFitzSimmonsAK RyanFitzSimmonsAK added response-requested Waiting on additional info and feedback. Will move to "closing-soon" in 7 days. and removed investigating This issue is being investigated and/or work is in progress to resolve the issue. labels May 7, 2024
@github-actions GitHub Actions
Copy link

Greetings! It looks like this issue hasn’t been active in longer than five days. We encourage you to check if this is still an issue in the latest release. In the absence of more information, we will be closing this issue soon. If you find that this is still a problem, please feel free to provide a comment or upvote with a reaction on the initial post to prevent automatic closure. If the issue is already closed, please feel free to open a new one.

@github-actions github-actions bot added the closing-soon This issue will automatically close in 4 days unless further comments are made. label May 17, 2024
@jzelinskie
Copy link
Author

Thanks for the --debug flag tip. I'll find some time to try this out with that flag to discover any new information.

@github-actions github-actions bot removed closing-soon This issue will automatically close in 4 days unless further comments are made. response-requested Waiting on additional info and feedback. Will move to "closing-soon" in 7 days. labels May 20, 2024
@RyanFitzSimmonsAK RyanFitzSimmonsAK added the response-requested Waiting on additional info and feedback. Will move to "closing-soon" in 7 days. label May 20, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@RyanFitzSimmonsAK RyanFitzSimmonsAK

Labels
bug This issue is a bug. credential-provider p3 This is a minor priority issue response-requested Waiting on additional info and feedback. Will move to "closing-soon" in 7 days.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@jzelinskie @RyanFitzSimmonsAK