Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Usage requires aws value #19

Open
ahonnecke opened this issue Dec 22, 2022 · 2 comments
Open

Usage requires aws value #19

ahonnecke opened this issue Dec 22, 2022 · 2 comments

Comments

@ahonnecke
Copy link

Looks very promising, but I can't get it to allow me to log in without using AWS vault; I don't know if this is the same issue as the known limitation "AWS-Vault MFA Shell Prompts don't work in aws.el": https://github.com/snowiow/aws.el#aws-vault-mfa-shell-prompts-dont-work-in-awsel

My setup:

  • Clone repo locally
  • load package like this:
(use-package aws-mode
  :bind ;; some functions which make sense to bind to something
  ("C-c a a" . aws)
  ("C-c a l" . aws-login)
  ("C-c a n" . aws-organizations-get-account-name)
  ("C-c a i" . aws-organizations-get-account-id)
  :load-path "~/src/aws.el/"
  :custom
  (aws-vault nil) ;; when t use aws-vault cmd to get into aws session
  (aws-output "json") ;; optional: yaml, json, text (default: yaml)
  (aws-organizations-account "root")) ;; profile of organizations account. organizations commands are automatically executed against this account, when specified

Behavior:
aws produces a list of service
image

Selecting anything from the services list seems to fail

  • s3:
    image

aws-login emits "NOT SUPPORTED" to the minibuffer
image

My org uses SSO and I can login to the aws cli inside vterm.
@snowiow
Copy link
Owner

snowiow commented Dec 23, 2022

Hi thanks for checking out the project. We don't use SSO at our company for AWS Login atm. So I can't test it myself 😞

When you use aws-vault and want to use it for getting session credentials, you should set (aws-vault t) instead in your config snippet. That's why the aws-login returns the 'NOT SUPPORTED' message. Currently the login command is only forwarded to aws-vault.

In regards to MFAs:
How exactly do your calls look like with aws-vault, when let's say listing all buckets from the shell?
Is it also just a aws-vault exec <profile-name> -- aws s3 ls ? That's also what this package would execute in the background.

Are you then prompted to input an MFA afterwards? If you input this MFA in your shell as well, this doesn't work with this package, because I couldn't get to forward this prompt to an emacs process, which then forwards the input result back to the shell process. I think there is a way though, because magit is also able to do it.

But I avoided this so far and instead set a GUI app as the MFA prompt for aws-vault, like described here.

Hope this helps to get things running already 🙂 I'm not sure when I find the time to revisit the MFA problem, because I have it as well currently, because I'm more on Linux again and there osascript doesn't exist.

@snowiow
Copy link
Owner

snowiow commented Jan 25, 2023

Hi again, for linux I found zenity as good MFA prompt. You can add the following line to your init.el, so that aws-vault is using that program by default:

(setenv "AWS_VAULT_PROMPT" "zenity")

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@ahonnecke @snowiow