Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

AWS SSO Login and get_aws_caller_identity_user_id() #1661

Closed
stevie- opened this issue Apr 29, 2021 · 4 comments
Closed

AWS SSO Login and get_aws_caller_identity_user_id() #1661

stevie- opened this issue Apr 29, 2021 · 4 comments
Labels
bug Something isn't working

Comments

@stevie-
Copy link
Contributor

stevie- commented Apr 29, 2021

Terragrunt version: 0.29.1
Terraform: 0.14.10
aws-cli: aws-cli/2.1.39 Python/3.9.4 Darwin/20.4.0 source/x86_64 prompt/off

Most of the AWS SSO login issues got solved by updateing go sdk in recent versions, but we still have an isse with terragrunt function get_aws_caller_identity_user_id() and aws sso credentials. To work around this issue we use a phyton script to create the old standard ~/.aws/credentials keys from current SSO login profil.

We've created a small test sample code, which triggers the issue on init already:

terragrunt.hcl

locals {
  aws_identitiy = get_aws_caller_identity_user_id()
}

terraform {
  source = "./"
}

main.tf

data "aws_caller_identity" "current" {}

We set an ENV var export AWS_PROFILE=sso_profile and login via aws sso login succesfully. We check aws cli works.
Running terragrunt breaks:

❯ terragrunt --version
terragrunt version v0.29.1

❯ terragrunt init
Error: Error in function call

  on /Users/PATH/TO/test/terragrunt.hcl line 2, in locals:
   2:   aws_identitiy = get_aws_caller_identity_user_id()

Call to function "get_aws_caller_identity_user_id" failed: Error finding AWS credentials (did you set the AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY environment variables?): NoCredentialProviders: no valid
providers in chain. Deprecated.
	For verbose messaging see aws.Config.CredentialsChainVerboseErrors.

ERRO[0005] Encountered error while evaluating locals.
ERRO[0005] /Users/PATH/TO/test/terragrunt.hcl:2,19-51: Error in function call; Call to function "get_aws_caller_identity_user_id" failed: Error finding AWS credentials (did you set the AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY environment variables?): NoCredentialProviders: no valid providers in chain. Deprecated.
	For verbose messaging see aws.Config.CredentialsChainVerboseErrors.
ERRO[0005] Unable to determine underlying exit code, so Terragrunt will exit with error code 1

It's possible that tehre are more terragrunt helper function for aws have the same issue.
@crablab crablab mentioned this issue Apr 30, 2021
Closed
@brikis98 brikis98 added bug Something isn't working help wanted labels May 3, 2021
@brikis98
Copy link
Member

brikis98 commented May 3, 2021

This might be fixed by #1663...

@yorinasub17
Copy link
Contributor

Please give https://github.com/gruntwork-io/terragrunt/releases/tag/v0.29.2 a try to see if it resolves your issue!

@stevie-
Copy link
Contributor Author

stevie- commented May 6, 2021

v0.29.2 solves the code example above

@stevie- stevie- closed this as completed May 6, 2021
@stevie-
Copy link
Contributor Author

stevie- commented May 6, 2021
edited
Loading

But I found another issue with the iam_role parameter
#1669

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@yorinasub17 @stevie- @brikis98