This page is not created by, affiliated with, or supported by Slack Technologies, Inc.
2020-10-30
has anyone tried the AWS SSO system? i'm trying to use it with https://github.com/cognitect-labs/aws-api but i don't see a credentials provider which would support SSO. it does give access to the SSO AWS API though, so i can try to put a sign-in flow together with that...
i tried our AWS SSO setup and it works with the new AWS CLI 2:
https://aws.amazon.com/blogs/developer/aws-cli-v2-is-now-generally-available/
but what it puts into ~/.aws/config is not understood by cognitect.aws.client.api
😞
it looks something like this:
```ini
[<some profile name>]
sso_start_url = https://<org-name>.
sso_region = ap-southeast-1
sso_account_id = 179999999999
sso_role_name = AdministratorAccess
# sso_role_name = PowerUserAccess
region = ap-southeast-1
```
I think the credential support in aws-api is sort of minimal in an attempt to keep the core lightweight and not require other aws-api services to implement auth. I needed to extend the profile provider to support assume role sts tokens, for example. https://github.com/RutledgePaulV/aws-api-credential-providers/blob/master/src/aws_api_credential_providers/core.clj
@onetom (I'll be going deep into this in a week or two but I did some research already). Atm most AWS SDKs do not support obtaining credentials via SSO - that includes the Java and Go SDKs (the latter is rather infuriating because I work a lot with terraform). The workaround is to use a small Python script, which does some munging of credentials obtained via cli v2 and can inject them into your shell environment. https://github.com/linaro-its/aws2-wrap can work for you or you might need to tweak it a bit (like we did)