Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

prompt for AWS session token and re-prompt when it expires #11749

Open
2 tasks done
TheRealSyler opened this issue Jan 11, 2023 · 4 comments
Open
2 tasks done

prompt for AWS session token and re-prompt when it expires #11749

TheRealSyler opened this issue Jan 11, 2023 · 4 comments
Labels
feature-request Request a new feature p4 pending-review Pending review from core-team platform-config Issues related to configuring project settings

Comments

@TheRealSyler
Copy link

How did you install the Amplify CLI?

yarn

If applicable, what version of Node.js are you using?

v16.14.0

Amplify CLI Version

10.6.1

What operating system are you using?

windows 11

Did you make any manual changes to the cloud resources managed by Amplify? Please describe the changes made.

no

Describe the bug

When using AWS access keys authentication the token expires without asking to re authenticate.

Expected behavior

amplify should ask to re authenticate if the token is expired.

Reproduction steps

  1. copy aws account credentials from XXXX.awsapps.com/start#/ and paste into terminal
  2. run amplify init choose AWS access keys for authentication
  3. git commit & delete repository
  4. clone repository
  5. paste credentials into terminal
  6. run amplify pull --appId XXXXX --envName dev use AWS access keys for authentication
  7. wait until the AWS session token expires (not sure how long that takes)
  8. run amplify pull

Project Identifier

No response

Log output

# Put your logs below this line


Additional information

No response

Before submitting, please confirm:

  • I have done my best to include a minimal, self-contained set of instructions for consistently reproducing the issue.
  • I have removed any sensitive information from my code snippets and submission.
@TheRealSyler TheRealSyler added the pending-triage Issue is pending triage label Jan 11, 2023
@josefaidt
Copy link
Contributor

Hey @TheRealSyler 👋 thanks for raising this! As we begin to look at this in more depth, what is the error you're receiving after the session token expires? And to clarify, are you looking for a signal from the CLI to inform you that the token has expired and you must re-authenticate?

@josefaidt josefaidt added platform Issues tied to the general CLI platform pending-response Issue is pending response from the issue author labels Jan 11, 2023
@TheRealSyler
Copy link
Author

TheRealSyler commented Jan 11, 2023

@josefaidt the ideal thing would be to just be asked to login again something like this

session has expired, do you want to login again (Y/n)
? accessKeyId:  [hidden]
? secretAccessKey:  [hidden]
? sessionToken:  [hidden]  (not in the real login flow)

i also forgot to add that you need to paste the session token into the environment in order for the login to work, there should probably be a separate issue for that.

when trying to pull i get:

✖ There was an error initializing your environment.
🛑 Could not initialize platform for 'staging': The provided token has expired.

Resolution: Review the error message and stack trace for additional information.
Learn more at: https://docs.amplify.aws/cli/project/troubleshooting/

Session Identifier:

when trying to push i get:

✖ There was an error pulling the backend environment staging.
🛑 The provided token has expired.

Learn more at: https://docs.amplify.aws/cli/project/troubleshooting/

Session Identifier:

the Session Identifier is empty i did not remove it for privacy.

@github-actions github-actions bot removed the pending-response Issue is pending response from the issue author label Jan 11, 2023
@josefaidt
Copy link
Contributor

Ah thanks for clarifying @TheRealSyler ! Yes I agree that this flow can be improved, however this appears similar to #10484 and #407. I will adjust the title of this issue to support prompting and re-prompting for session tokens

@josefaidt josefaidt changed the title AWS session token expires and its not possible to login again prompt for AWS session token and re-prompt when it expires Jan 17, 2023
@josefaidt josefaidt added feature-request Request a new feature platform-config Issues related to configuring project settings and removed platform Issues tied to the general CLI platform pending-triage Issue is pending triage labels Jan 17, 2023
@josefaidt
Copy link
Contributor

Hey @TheRealSyler for what it's worth, we can also increase the session duration from the IAM console (see below), as well as increase the duration_seconds in our ~/.aws/config file for this profile (if you are using one)

image

duration_seconds - The duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role. This is an optional parameter and by default, the value is set to 3600 seconds.

https://docs.aws.amazon.com/cli/latest/topic/config-vars.html

@josefaidt josefaidt added pending-review Pending review from core-team p4 labels Jan 31, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
feature-request Request a new feature p4 pending-review Pending review from core-team platform-config Issues related to configuring project settings
Projects
None yet
Development

No branches or pull requests

2 participants