When first getting my AWS credentials using aws sso login --profile MY-AWS-PROFILE and then starting my REPL and using Cognitect AWS library to list S3 buckets, I get:
clj.scratch1=> (aws/invoke s3 {:op :ListBuckets})
#:cognitect.anomalies{:category :cognitect.anomalies/fault, :message "Unable to fetch credentials. See log for more details."}
(In the terminal, when using aws cli: aws s3 ls => I can see the buckets.)
When exporting AWS_ACCESS_KEY_ID , AWS_SECRET_ACCESS_KEY ... in the terminal, then starting REPL, and then listing S3 buckets: I get listing of the buckets.
So, should I do something special for the Cognitect AWS library to be able to pull the AWS credentials from some cache or something, when getting the credentials using aws sso login ?
I am using Linux Debian 13.
My Clojure version and Cognitect AWS library versions are:
org.clojure/clojure {:mvn/version "1.12.4"}
com.cognitect.aws/api {:mvn/version "0.8.800"}
com.cognitect.aws/endpoints {:mvn/version "871.2.42.9"}
com.cognitect.aws/s3 {:mvn/version "871.2.41.20"}
aws-api does not natively support SSO credentials provider https://github.com/cognitect-labs/aws-api/issues/182
Might be region related
Using eu-west-1.
I mean you might need to specify that
Use aws-vault. It works like a charm
aws-vault works fine with SSO. It triggers browser auth if token is missing or expired, and pass the necessary AWS env vars to the clj process
aws-vault exec -- clj ...
The only thing with SSO is that these tokens expire shortly so you can't keep the REPL open endlessly and you need to restart it.