IAM Forbidden
stephenbawks opened this issue · comments
Running into the issue where SSO is not configured. Appears to be trying to use my default profile from the aws credentials file. Is there a way to specify a different profile?
(node:43368) UnhandledPromiseRejectionWarning: ForbiddenException, AccessDeniedException: User: arn:aws:iam::34534534345343:user is not authorized to perform
Thanks for raising this and apologies for the slow response. This is now fixed and will be released shortly
Hi @ljacobsson and thanks for your lib, looks awesome :)
I'm running into issue using the --profile
option
As you can see from screenshot above, I ensured profile was indeed defined in my configuration, however I can't get it to be used by evb.
Can you help ?
@ljacobsson I know it’s not strictly the purpose of this project, but a “setup with IAM” part of the readme would be really helpful. I’m currently struggling to get evb-cli to run without SSO.
Can you try v1.1.36? Just fixed a bug in the credentials chain.
No instructions should be needed
Can you try again? I can't reproduce your issue.
If it still persists can you please paste a censored version of your ~/.aws/config file?
@ljacobsson I’m still having an issue getting this to work. Fully admitting to the possibility that there is some configuration hickup on my system, though.
aws iam get-user
returns the correct UserId/Accoutn/Arn.
Any evb
command I’ve tried so far errors out with the following:
$ evb -v
1.1.36
$ evb input --format json
(node:49224) UnhandledPromiseRejectionWarning: BadRequest: The security token included in the request is invalid.
at Object.extractError (/Users/j4zz/.nvm/versions/node/v14.15.5/lib/node_modules/@mhlabs/evb-cli/node_modules/aws-sdk/lib/protocol/json.js:52:27)
at Request.extractError (/Users/j4zz/.nvm/versions/node/v14.15.5/lib/node_modules/@mhlabs/evb-cli/node_modules/aws-sdk/lib/protocol/rest_json.js:55:8)
at Request.callListeners (/Users/j4zz/.nvm/versions/node/v14.15.5/lib/node_modules/@mhlabs/evb-cli/node_modules/aws-sdk/lib/sequential_executor.js:106:20)
at Request.emit (/Users/j4zz/.nvm/versions/node/v14.15.5/lib/node_modules/@mhlabs/evb-cli/node_modules/aws-sdk/lib/sequential_executor.js:78:10)
at Request.emit (/Users/j4zz/.nvm/versions/node/v14.15.5/lib/node_modules/@mhlabs/evb-cli/node_modules/aws-sdk/lib/request.js:688:14)
at Request.transition (/Users/j4zz/.nvm/versions/node/v14.15.5/lib/node_modules/@mhlabs/evb-cli/node_modules/aws-sdk/lib/request.js:22:10)
at AcceptorStateMachine.runTo (/Users/j4zz/.nvm/versions/node/v14.15.5/lib/node_modules/@mhlabs/evb-cli/node_modules/aws-sdk/lib/state_machine.js:14:12)
at /Users/j4zz/.nvm/versions/node/v14.15.5/lib/node_modules/@mhlabs/evb-cli/node_modules/aws-sdk/lib/state_machine.js:26:10
at Request.<anonymous> (/Users/j4zz/.nvm/versions/node/v14.15.5/lib/node_modules/@mhlabs/evb-cli/node_modules/aws-sdk/lib/request.js:38:9)
at Request.<anonymous> (/Users/j4zz/.nvm/versions/node/v14.15.5/lib/node_modules/@mhlabs/evb-cli/node_modules/aws-sdk/lib/request.js:690:12)
@j4zz I'm finding it hard to reproduce this.
What authentication mechanism do you use? Just normal access/secret key?
@ljacobsson Upon further investigation it could have been a profile choice/detection mismatch. If I align ~/.aws/config
with ~/.aws/credentials
for the default
profile the issue is solved, so it could have been a configuration issue on my end.
From my perspective it works now, this issue can be closed and I’m happy to finally start using evb-cli
. 🎉
Awesome!
Thanks for reporting anyway :-) Working with the aws-cli credentials config can be a pain
Closing this issue 🎉