[Bug]: Cannot use AWS SSO to configure management account. #28037

Open
macnibblet opened this issue Nov 28, 2022 · 1 comment
Labels
bug Addresses a defect in current functionality. service/sts Issues and PRs that pertain to the sts service.

Comments

@macnibblet

Terraform Core Version

1.3.5

AWS Provider Version

4.41.0

Affected Resource(s)

No response

Expected Behavior

I wanted to start managing the "management" account using Terraform, and I needed to add another account, so I thought that I would start by adding it through Terraform.

```hcl
provider "aws" {
  profile = "management"
}

// This was actually a call to create an account but for simplicity even calling this fails
data "aws_caller_identity" "this" {
}
```

And calling this locally using the AWS CLI, `aws sts get-caller-identity`, works just fine as well.

Actual Behavior

```
Error: error configuring Terraform AWS Provider: error validating provider credentials: error calling sts:GetCallerIdentity: operation error STS: GetCallerIdentity, https response error StatusCode: 403, RequestID: e0a9eb7a-fba9-49cb-a122-0f21f85f19a5, api error InvalidClientTokenId: The security token included in the request is invalid.
```

Relevant Error/Panic Output Snippet

Did some debugging and it seems that when calling via Terraform using an AWS SSO profile, the `sts get-caller-identity` call always fails; changing my profile to target another account works just fine.

Terraform Configuration Files

```hcl
provider "aws" {}

data "aws_caller_identity" "this" {

}
```

Steps to Reproduce

1. Set up AWS SSO with a user that has AdminAccess on the management account
2. Try to run the following Terraform against that profile

Debug Output

No response

Panic Output

No response

Important Factoids

No response

References

No response

Would you like to implement a fix?

No

@macnibblet macnibblet added bug Addresses a defect in current functionality. needs-triage Waiting for first response or review from a maintainer. labels Nov 28, 2022
@github-actions

Community Note

Voting for Prioritization

  • Please vote on this issue by adding a 👍 reaction to the original post to help the community and maintainers prioritize this request.
  • Please see our prioritization guide for information on how we prioritize.
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.

Volunteering to Work on This Issue

  • If you are interested in working on this issue, please leave a comment.
  • If this would be your first contribution, please review the contribution guide.

@github-actions github-actions bot added the service/sts Issues and PRs that pertain to the sts service. label Nov 28, 2022
@ewbankkit ewbankkit removed the needs-triage Waiting for first response or review from a maintainer. label Nov 28, 2022