aws-sdk-go doens't support new sso-session in a shared config

[ksauzz]

Describe the bug

2 weeks ago, awscli v2.9.0 was released and introduced sso-session section in $HOME/.aws/config. But it seetms aws-sdk-go doesn't support it yet, and failed to load the config.

Expected Behavior

aws-sdk-go should load sso-session section from a shared config correctly.

Current Behavior

aws-sdk-go just ignored sso-session section, and failed by missing required configuration: sso_region, sso_start_url.

Reproduction Steps

1. install awscli v2.9.0 or later.
2. create a shared config by aws configure sso
3. load the config from aws-sdk-go. I used session manager plugin.

Possible Solution

No response

Additional Information/Context

It would be nice if session manager plugin team in AWS would update aws-sdk-go version after releasing the fix.

SDK version used

v1.40.17

Environment details (Version of Go (go version)? OS name and version, etc.)

Linux

[isaiahvita]

@ksauzz thanks for reaching out. would you be able to show us whats in your shared config located at ~/.aws/config? feel free to stub out any sensitive information

[ksauzz]

Our config which hit the issue is the following:

[profile xxx]
sso_session = xxx
sso_account_id = xxxxxxxxxx
sso_role_name = xxxxxxxxxx
region = ap-northeast-1
sso_region = ap-northeast-1
output = json
[sso-session xxx]
sso_start_url = https://d-xxxxxxxxxx.awsapps.com/start
sso_region = ap-northeast-1
sso_registration_scopes = sso:account:access

You can find the similar example here.

[ksauzz]

According to hashicorp/terraform-provider-aws#28263 it seems aws-sdk-go-v2 already supports this.

[avdhoot]

What should users do when an application uses AWS-SDK-GO v1 while AWS CLI is creating a new profile? I will request the maintainer's support both profile/config in v1 SDK.

[kyanar]

Looks like the only solution is to copy the sso_start_url and sso_region from the sso-session block, delete the sso-session block (and all references to sso_session_name) and then reauthenticate to allow the SDK-v1 sessions to work. If the sso_session_name is configured at all, AWS CLI puts the authentication token in a location the SDK can't find.

[akbog]

This is an increasingly frustrating bug across the AWS CLI/SDK ecosystem

[mericozkayagan]

any updates on this?

[dongho-jung]

It's been almost five months and we still have to login repeatedly.. why is this P3 and have minor priority?

[sokopro-vile]

I'm also interested, what's the status of this? There were some merged PRs mentioned #4868 & #4875 indicating some kind of handywork in order to fix this, however the first one seemed to also be reverted at some point?

Updating myself: so it seems the #4885 is still open & waiting to be merged to main --> after which we should get the fixes released?

[aajtodd]

Yes, when #4885 lands into main it will be made available in the next release.

[github-actions]

⚠️COMMENT VISIBILITY WARNING⚠️

Comments on closed issues are hard for our team to see.
If you need more assistance, please either tag a team member or open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue feel free to do so.