Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

deps: Bump github.com/aws/[email protected] #27620

Merged
merged 1 commit into from
Feb 2, 2021
Merged

deps: Bump github.com/aws/[email protected] #27620

merged 1 commit into from
Feb 2, 2021

Conversation

bflad
Copy link
Contributor

@bflad bflad commented Jan 28, 2021
edited
Loading

Changes:

* backend/s3: Support for AWS Single-Sign On (SSO) cached credentials

Updated via:

go get github.com/aws/[email protected]
go mod tidy

Please note that Terraform CLI will not initiate or perform the AWS SSO login flow. It is expected that you have already performed the SSO login flow using AWS CLI using the aws sso login command, or by some other mechanism before executing Terraform. More precisely, this credential handling must find a valid non-expired access token for the AWS SSO user portal URL in ~/.aws/sso/cache. If a cached token is not found, is expired, or the file is malformed an error will be returned.

You can use configure AWS SSO credentials from the AWS shared configuration file by specifying the required keys in the profile:

sso_account_id
sso_region
sso_role_name
sso_start_url

For example, the following defines a profile "devsso" and specifies the AWS SSO parameters that defines the target account, role, sign-on portal, and the region where the user portal is located. Note: all SSO arguments must be provided, or an error will be returned.

[profile devsso]
sso_start_url = https:my-sso-portal.awsapps.com/start
sso_role_name = SSOReadOnlyRole
sso_region = us-east-1
sso_account_id = 123456789012

Additional Resources

@bflad
deps: Bump github.com/aws/[email protected]
ad8a2e8 
Changes:

```
* backend/s3: Support for AWS Single-Sign On (SSO) cached credentials
```

Updated via:

```
go get github.com/aws/[email protected]
go mod tidy
```

Please note that Terraform CLI will not initiate or perform the AWS SSO login flow. It is expected that you have already performed the SSO login flow using AWS CLI using the `aws sso login` command, or by some other mechanism before executing Terraform. More precisely, this credential handling must find a valid non-expired access token for the AWS SSO user portal URL in `~/.aws/sso/cache`. If a cached token is not found, is expired, or the file is malformed an error will be returned.

You can use configure AWS SSO credentials from the AWS shared configuration file by specifying the required keys in the profile:

```
sso_account_id
sso_region
sso_role_name
sso_start_url
```

For example, the following defines a profile "devsso" and specifies the AWS SSO parameters that defines the target account, role, sign-on portal, and the region where the user portal is located. Note: all SSO arguments must be provided, or an error will be returned.

```
[profile devsso]
sso_start_url = https:my-sso-portal.awsapps.com/start
sso_role_name = SSOReadOnlyRole
sso_region = us-east-1
sso_account_id = 123456789012
```

Additional Resources

* [Configuring the AWS CLI to use AWS Single Sign-On](https:docs.aws.amazon.com/cli/latest/userguide/cli-configure-sso.html)
* [AWS Single Sign-On User Guide](https:docs.aws.amazon.com/singlesignon/latest/userguide/what-is.html)
@codecov
Copy link

codecov bot commented Jan 28, 2021
edited
Loading

Codecov Report

Merging #27620 (ad8a2e8) into master (29dd334) will decrease coverage by 0.00%.
The diff coverage is n/a.

Impacted Files Coverage Δ
terraform/node_resource_plan.go 96.11% <0.00%> (-1.95%) ⬇️

@bflad
Copy link
Contributor Author

bflad commented Jan 28, 2021

If there are plans to cut another Terraform 0.14 release, this is a good candidate for backport. 👍

The equivalent functionality in the Terraform AWS Provider has been merged and will release with version 3.26.0, expected later today.

@bflad bflad mentioned this pull request Jan 28, 2021
Closed
@jbardin jbardin added the 0.14-backport If you add this label to a PR before merging, backport-assistant will open a new PR once merged label Jan 29, 2021
@bflad bflad mentioned this pull request Feb 1, 2021
Closed
@bflad bflad linked an issue Feb 1, 2021 that may be closed by this pull request
Terraform backend s3 with AWS SSO login fails #27650
Closed
@jbardin jbardin merged commit 9c16e57 into master Feb 2, 2021
@teamterraform teamterraform mentioned this pull request Feb 2, 2021
Closed
@jbardin jbardin mentioned this pull request Feb 2, 2021
Merged
@bflad bflad deleted the v-aws-sdk-go-v1.37.0 branch February 2, 2021 13:49
@dduportal dduportal mentioned this pull request Feb 11, 2021
Closed
@ghost
Copy link

ghost commented Mar 5, 2021

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@ghost ghost locked as resolved and limited conversation to collaborators Mar 5, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees
No one assigned
Labels
0.14-backport If you add this label to a PR before merging, backport-assistant will open a new PR once merged backend/s3 enhancement
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Terraform backend s3 with AWS SSO login fails
2 participants
@bflad @jbardin