aws

Kari Marttila 2026-03-14T16:02:53.983659Z

When first getting my AWS credentials using aws sso login --profile MY-AWS-PROFILE and then starting my REPL and using Cognitect AWS library to list S3 buckets, I get:

clj.scratch1=> (aws/invoke s3 {:op :ListBuckets})
#:cognitect.anomalies{:category :cognitect.anomalies/fault, :message "Unable to fetch credentials. See log for more details."}
(In the terminal, when using aws cli: aws s3 ls => I can see the buckets.) When exporting AWS_ACCESS_KEY_ID , AWS_SECRET_ACCESS_KEY ... in the terminal, then starting REPL, and then listing S3 buckets: I get listing of the buckets. So, should I do something special for the Cognitect AWS library to be able to pull the AWS credentials from some cache or something, when getting the credentials using aws sso login ? I am using Linux Debian 13. My Clojure version and Cognitect AWS library versions are:
org.clojure/clojure {:mvn/version "1.12.4"}
com.cognitect.aws/api {:mvn/version "0.8.800"}
com.cognitect.aws/endpoints {:mvn/version "871.2.42.9"}
com.cognitect.aws/s3 {:mvn/version "871.2.41.20"}

Marco Biscaro 2026-03-17T22:52:05.774429Z

aws-api does not natively support SSO credentials provider https://github.com/cognitect-labs/aws-api/issues/182

👍 1
Alex Miller (Clojure team) 2026-03-14T16:05:14.473599Z

Might be region related

Kari Marttila 2026-03-14T16:06:42.012539Z

Using eu-west-1.

Alex Miller (Clojure team) 2026-03-14T16:41:11.034719Z

I mean you might need to specify that

👍 1
😄 1
greg 2026-06-04T20:31:15.382699Z

Use aws-vault. It works like a charm

greg 2026-06-04T20:37:52.028449Z

aws-vault works fine with SSO. It triggers browser auth if token is missing or expired, and pass the necessary AWS env vars to the clj process

aws-vault exec  -- clj ...
The only thing with SSO is that these tokens expire shortly so you can't keep the REPL open endlessly and you need to restart it.