aws · mergify · Mar 21, 2022 · Feb 17, 2022 · Feb 17, 2022 · Feb 18, 2022
diff --git a/packages/aws-cdk/README.md b/packages/aws-cdk/README.md
@@ -622,6 +622,11 @@ role_arn=arn:aws:iam::123456789123:role/role_to_be_assumed
 mfa_serial=arn:aws:iam::123456789123:mfa/my_user
 ```
 
+## SSO support
+
+If you create an SSO profile with `aws configure sso` and run `aws sso login`, the CDK can use those credentials
+if you set the profile name as the value of `AWS_PROFILE` or pass it to `--profile`.
+
 ## Configuration
 
 On top of passing configuration through command-line arguments, it is possible to use JSON configuration files. The

diff --git a/packages/aws-cdk/THIRD_PARTY_LICENSES b/packages/aws-cdk/THIRD_PARTY_LICENSES
@@ -357,7 +357,7 @@ IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 
 ----------------
 
-** aws-sdk@2.1089.0 - https://www.npmjs.com/package/aws-sdk/v/2.1089.0 | Apache-2.0
+** aws-sdk@2.1095.0 - https://www.npmjs.com/package/aws-sdk/v/2.1095.0 | Apache-2.0
 AWS SDK for JavaScript
 Copyright 2012-2017 Amazon.com, Inc. or its affiliates. All Rights Reserved.
 
@@ -3241,6 +3241,16 @@ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
 THE SOFTWARE.
 
+----------------
+
+** aws-sdk@2.1089.0 - https://www.npmjs.com/package/aws-sdk/v/2.1089.0 | Apache-2.0
+AWS SDK for JavaScript
+Copyright 2012-2017 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+
+This product includes software developed at
+Amazon Web Services, Inc. (http://aws.amazon.com/).
+
+
 ----------------
 
 ** wrap-ansi@7.0.0 - https://www.npmjs.com/package/wrap-ansi/v/7.0.0 | MIT

diff --git a/packages/aws-cdk/lib/api/aws-auth/awscli-compatible.ts b/packages/aws-cdk/lib/api/aws-auth/awscli-compatible.ts
@@ -42,6 +42,7 @@ export class AwsCliCompatible {
       const theProfile = options.profile;
       return new AWS.CredentialProviderChain([
         () => profileCredentials(theProfile),
+        () => new AWS.SsoCredentials({ profile: theProfile }),
         () => new AWS.ProcessCredentials({ profile: theProfile }),
       ]);
     }
@@ -53,6 +54,11 @@ export class AwsCliCompatible {
       () => new AWS.EnvironmentCredentials('AMAZON'),
     ];
 
+    if (process.env.AWS_PROFILE) {
+      await forceSdkToReadConfigIfPresent();
+      sources.push(() => new AWS.SsoCredentials({ profile: implicitProfile }));
+    }
+
     if (await fs.pathExists(credentialsFileName())) {
       // Force reading the `config` file if it exists by setting the appropriate
       // environment variable.

diff --git a/packages/aws-cdk/package.json b/packages/aws-cdk/package.json
@@ -94,7 +94,7 @@
     "@aws-cdk/region-info": "0.0.0",
     "@jsii/check-node": "1.54.0",
     "archiver": "^5.3.0",
-    "aws-sdk": "^2.979.0",
+    "aws-sdk": "^2.1093.0",
     "camelcase": "^6.3.0",
     "cdk-assets": "0.0.0",
     "chokidar": "^3.5.3",

diff --git a/packages/aws-cdk/test/context-providers/amis.test.ts b/packages/aws-cdk/test/context-providers/amis.test.ts
@@ -3,7 +3,11 @@ import * as AWS from 'aws-sdk-mock';
 import { AmiContextProviderPlugin } from '../../lib/context-providers/ami';
 import { MockSdkProvider } from '../util/mock-sdk';
 
-AWS.setSDKInstance(aws);
+// If the 'aws-sdk' package imported here and the 'aws-sdk' package imported by 'aws-sdk-mock' aren't
+// the same physical package on disk (if version mismatches cause hoisting/deduping to not happen),
+// the type check here takes too long and makes the TypeScript compiler fail.
+// Suppress the type check using 'as any' to make this more robust.
+AWS.setSDKInstance(aws as any);
 
 afterEach(done => {
   AWS.restore();

diff --git a/packages/aws-cdk/test/context-providers/asymmetric-vpcs.test.ts b/packages/aws-cdk/test/context-providers/asymmetric-vpcs.test.ts
@@ -3,7 +3,11 @@ import * as AWS from 'aws-sdk-mock';
 import { VpcNetworkContextProviderPlugin } from '../../lib/context-providers/vpcs';
 import { MockSdkProvider } from '../util/mock-sdk';
 
-AWS.setSDKInstance(aws);
+// If the 'aws-sdk' package imported here and the 'aws-sdk' package imported by 'aws-sdk-mock' aren't
+// the same physical package on disk (if version mismatches cause hoisting/deduping to not happen),
+// the type check here takes too long and makes the TypeScript compiler fail.
+// Suppress the type check using 'as any' to make this more robust.
+AWS.setSDKInstance(aws as any);
 
 afterEach(done => {
   AWS.restore();

diff --git a/yarn.lock b/yarn.lock
@@ -2562,7 +2562,22 @@ aws-sdk-mock@5.6.0:
     sinon "^11.1.1"
     traverse "^0.6.6"
 
-aws-sdk@^2.596.0, aws-sdk@^2.848.0, aws-sdk@^2.928.0, aws-sdk@^2.979.0:
+aws-sdk@^2.1093.0:
+  version "2.1095.0"
+  resolved "https://registry.npmjs.org/aws-sdk/-/aws-sdk-2.1095.0.tgz#7847493b09a326a0613010ed9db53302f760edf6"
+  integrity sha512-OrZq2pTDsnfOJYsAdRlw+NXTGLQYqWldSZR3HugW8JT4JPWyFZrgB2yPP2ElFHX+4J4SZg5QvkAXl/7s9gLTgA==
+  dependencies:
+    buffer "4.9.2"
+    events "1.1.1"
+    ieee754 "1.1.13"
+    jmespath "0.16.0"
+    querystring "0.2.0"
+    sax "1.2.1"
+    url "0.10.3"
+    uuid "3.3.2"
+    xml2js "0.4.19"
+
+aws-sdk@^2.596.0, aws-sdk@^2.848.0, aws-sdk@^2.928.0:
   version "2.1089.0"
   resolved "https://registry.npmjs.org/aws-sdk/-/aws-sdk-2.1089.0.tgz#198ee116f3d6f70cd26cd6f7efa6adba46a54768"
   integrity sha512-QhawXCxhOLR+SJHuKXNzyx1hd+oA1HqaDRjbeTKUrz7g2KF4EyPWvLwzf1fNaOTPK3Vp3JDYijusdKlfV69efw==