I've submitted an issue before; I am now with a different employer and experiencing a different issue. I have installed the utility as directed and created the config file (see --verbose output below), but I am unable to authenticate due to an apparent issue with the Role ARN. Note that I am working in gov-cloud (not the public AWS cloud) and that services are sometimes absent or behave differently. Have you been able to test in the gov-cloud? Does the stack trace below indicate to you what might be wrong? As before, I have redacted certain information in the trace to preserve anonymity.
```
[me]>pyokta-aws auth --verbose -p rdt-admin
Loading settings from config file "[me]/.pyokta_aws/config"...
Using the following settings...
profile...........: rdt-admin
region............: us-gov-west-1
okta_org..........: [redacted].okta.com
okta_aws_app_url..: https://[okta-org]/home/amazon_aws/0oa46z3dyPZgL5uA24h6/272
aws_role_to_assume: arn:aws:iam::arn:aws-us-gov:iam::[aws-acct-id]:role/AdministratorViaOkta
aws_idp...........: arn:aws:iam::arn:aws-us-gov:iam::[aws-acct-id]:saml-provider/BraxtonOkta
username..........: [email protected]
password..........: <redacted>
sts_duration......: 28800
mfa_choice........: app
config_file.......: [me]/.pyokta_aws/config
verbose...........: True
interactive.......: True
Okta username: [email protected]
Enter Okta mobile app code: [auth-code]
Traceback (most recent call last):
  File "%LOCALAPPDATA%\programs\python\python39\lib\runpy.py", line 197, in _run_module_as_main
    return _run_code(code, main_globals, None,
  File "%LOCALAPPDATA%\programs\python\python39\lib\runpy.py", line 87, in _run_code
    exec(code, run_globals)
  File "%LOCALAPPDATA%\Programs\Python\Python39\Scripts\pyokta-aws.exe\__main__.py", line 7, in <module>
  File "%LOCALAPPDATA%\programs\python\python39\lib\site-packages\pyokta_aws\__main__.py", line 26, in main
    return dispatch(sys.argv[1:])
  File "%LOCALAPPDATA%\programs\python\python39\lib\site-packages\pyokta_aws\cli.py", line 69, in dispatch
    return main(args.args)
  File "%LOCALAPPDATA%\programs\python\python39\lib\site-packages\pyokta_aws\commands\auth.py", line 99, in main
    return authenticate(auth_settings)
  File "%LOCALAPPDATA%\programs\python\python39\lib\site-packages\pyokta_aws\commands\auth.py", line 71, in authenticate
    resp = aws_auth_with_saml(
  File "%LOCALAPPDATA%\programs\python\python39\lib\site-packages\pyokta_aws\commands\auth.py", line 34, in aws_auth_with_saml
    return client.assume_role_with_saml(**data)
  File "%LOCALAPPDATA%\programs\python\python39\lib\site-packages\botocore\client.py", line 357, in _api_call
    return self._make_api_call(operation_name, kwargs)
  File "%LOCALAPPDATA%\programs\python\python39\lib\site-packages\botocore\client.py", line 676, in _make_api_call
    raise error_class(parsed_response, operation_name)
botocore.exceptions.ClientError: An error occurred (ValidationError) when calling the AssumeRoleWithSAML operation: Request ARN is invalid
[me]>
```
The documentation in the README seems to differ somewhat from the output of pyokta-aws -h, but I have tried numerous variations on the format of the Role ARN without success. Any suggestions will be welcome.
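In the `--verbose` settings above, `aws_role_to_assume` and `aws_idp` each begin with two ARN prefixes (`arn:aws:iam::arn:aws-us-gov:iam::...`). The following pre-flight check for role and SAML provider ARNs is an added example, not part of the original issue or of pyokta-aws; `check_iam_arn`, `expected_partition` and the account id `123456789012` are hypothetical names and constructed sample values.

```python
import re

# IAM is a global service, so the region field of its ARNs is empty:
#   arn:<partition>:iam::<12-digit account id>:<role|saml-provider>/<name>
IAM_ARN = re.compile(
    r"^arn:(?P<partition>aws[a-z-]*):iam::(?P<account>\d{12}):"
    r"(?P<kind>role|saml-provider)/(?P<name>[\w+=,.@/-]+)$"
)

def expected_partition(region):
    """Map a region to its ARN partition (commercial, GovCloud and China only)."""
    if region.startswith("us-gov-"):
        return "aws-us-gov"
    if region.startswith("cn-"):
        return "aws-cn"
    return "aws"

def check_iam_arn(arn, kind, region):
    """Return a list of problems with a role or SAML provider ARN; empty means OK."""
    if arn.count("arn:") > 1:
        return ["more than one 'arn:' prefix: two ARNs appear to be joined together"]
    m = IAM_ARN.match(arn)
    if m is None:
        return [f"not of the form arn:<partition>:iam::<account>:{kind}/<name>"]
    problems = []
    if m["kind"] != kind:
        problems.append(f"resource type is {m['kind']!r}, expected {kind!r}")
    want = expected_partition(region)
    if m["partition"] != want:
        problems.append(
            f"partition {m['partition']!r} does not match region {region} ({want!r})"
        )
    return problems

if __name__ == "__main__":
    # Constructed samples shaped like the settings in the issue; the account id
    # is a placeholder standing in for the redacted [aws-acct-id].
    region = "us-gov-west-1"
    samples = [
        ("role", "arn:aws:iam::arn:aws-us-gov:iam::123456789012:role/AdministratorViaOkta"),
        ("role", "arn:aws:iam::123456789012:role/AdministratorViaOkta"),
        ("role", "arn:aws-us-gov:iam::123456789012:role/AdministratorViaOkta"),
        ("saml-provider", "arn:aws-us-gov:iam::123456789012:saml-provider/BraxtonOkta"),
    ]
    for kind, arn in samples:
        print(arn, "->", check_iam_arn(arn, kind, region) or "OK")
```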