Credentials to be loaded correctly, and ProcessCredentialsProviderFailure not to be called. ProcessCredentialsProvider should not be used in this case.
[2022-04-13 17:52:58] user@PC MSYS /c/Dev/ws/CDKTestProject/cdk
$ npx cdk synth -v --profile my-assumed-sso-role
CDK toolkit version: 2.20.0 (build 738ef49)
Command line arguments: {
_: [ 'synth' ],
v: 1,
verbose: 1,
profile: 'my-assumed-sso-role',
lookups: true,
'ignore-errors': false,
ignoreErrors: false,
json: false,
j: false,
debug: false,
ec2creds: undefined,
i: undefined,
'version-reporting': undefined,
versionReporting: undefined,
'path-metadata': true,
pathMetadata: true,
'asset-metadata': true,
assetMetadata: true,
'role-arn': undefined,
r: undefined,
roleArn: undefined,
staging: true,
'no-color': false,
noColor: false,
validation: true,
quiet: false,
q: false,
'$0': 'node_modules\\aws-cdk\\bin\\cdk'
}
cdk.json: {
"app": "npx ts-node --prefer-ts-exts bin/app.ts",
"watch": {
"include": [
"**"
],
"exclude": [
"README.md",
"cdk*.json",
"**/*.d.ts",
"**/*.js",
"tsconfig.json",
"package*.json",
"yarn.lock",
"node_modules",
"test"
]
},
"context": {
"@aws-cdk/aws-apigateway:usagePlanKeyOrderInsensitiveId": true,
"@aws-cdk/core:stackRelativeExports": true,
"@aws-cdk/aws-rds:lowercaseDbIdentifier": true,
"@aws-cdk/aws-lambda:recognizeVersionProps": true,
"@aws-cdk/aws-cloudfront:defaultSecurityPolicyTLSv1.2_2021": true,
"@aws-cdk-containers/ecs-service-extensions:enableDefaultLogDriver": true,
"@aws-cdk/aws-ec2:uniqueImdsv2TemplateName": true,
"@aws-cdk/core:target-partitions": [
"aws",
"aws-cn"
]
}
}
merged settings: {
versionReporting: true,
pathMetadata: true,
output: 'cdk.out',
app: 'npx ts-node --prefer-ts-exts bin/app.ts',
watch: {
include: [ '**' ],
exclude: [
'README.md',
'cdk*.json',
'**/*.d.ts',
'**/*.js',
'tsconfig.json',
'package*.json',
'yarn.lock',
'node_modules',
'test'
]
},
context: {
'@aws-cdk/aws-apigateway:usagePlanKeyOrderInsensitiveId': true,
'@aws-cdk/core:stackRelativeExports': true,
'@aws-cdk/aws-rds:lowercaseDbIdentifier': true,
'@aws-cdk/aws-lambda:recognizeVersionProps': true,
'@aws-cdk/aws-cloudfront:defaultSecurityPolicyTLSv1.2_2021': true,
'@aws-cdk-containers/ecs-service-extensions:enableDefaultLogDriver': true,
'@aws-cdk/aws-ec2:uniqueImdsv2TemplateName': true,
'@aws-cdk/core:target-partitions': [ 'aws', 'aws-cn' ]
},
debug: false,
assetMetadata: true,
profile: 'my-assumed-sso-role',
toolkitBucket: {},
staging: true,
bundlingStacks: [ '*' ],
lookups: true
}
Toolkit stack: CDKToolkit
Setting "CDK_DEFAULT_REGION" environment variable to ap-southeast-2
Resolving default credentials
Unable to determine the default AWS account: ProcessCredentialsProviderFailure: Profile my-assumed-sso-role did not include credential process
at ProcessCredentials2.load (C:\Dev\ws\CDKTestProject\cdk\node_modules\aws-sdk\lib\credentials\process_credentials.js:102:11)
at ProcessCredentials2.coalesceRefresh (C:\Dev\ws\CDKTestProject\cdk\node_modules\aws-sdk\lib\credentials.js:205:12)
at ProcessCredentials2.refresh (C:\Dev\ws\CDKTestProject\cdk\node_modules\aws-sdk\lib\credentials\process_credentials.js:163:10)
at ProcessCredentials2.get2 [as get] (C:\Dev\ws\CDKTestProject\cdk\node_modules\aws-sdk\lib\credentials.js:122:12)
at resolveNext2 (C:\Dev\ws\CDKTestProject\cdk\node_modules\aws-sdk\lib\credentials\credential_provider_chain.js:125:17)
at C:\Dev\ws\CDKTestProject\cdk\node_modules\aws-sdk\lib\credentials\credential_provider_chain.js:126:13
at C:\Dev\ws\CDKTestProject\cdk\node_modules\aws-sdk\lib\credentials.js:124:23
at C:\Dev\ws\CDKTestProject\cdk\node_modules\aws-sdk\lib\credentials.js:212:15
at processTicksAndRejections (node:internal/process/task_queues:78:11) {
code: 'ProcessCredentialsProviderFailure',
time: 2022-04-13T09:53:07.307Z
}
context: {
'@aws-cdk/aws-apigateway:usagePlanKeyOrderInsensitiveId': true,
'@aws-cdk/core:stackRelativeExports': true,
'@aws-cdk/aws-rds:lowercaseDbIdentifier': true,
'@aws-cdk/aws-lambda:recognizeVersionProps': true,
'@aws-cdk/aws-cloudfront:defaultSecurityPolicyTLSv1.2_2021': true,
'@aws-cdk-containers/ecs-service-extensions:enableDefaultLogDriver': true,
'@aws-cdk/aws-ec2:uniqueImdsv2TemplateName': true,
'@aws-cdk/core:target-partitions': [ 'aws', 'aws-cn' ],
'aws:cdk:enable-path-metadata': true,
'aws:cdk:enable-asset-metadata': true,
'aws:cdk:version-reporting': true,
'aws:cdk:bundling-stacks': [ '*' ]
}
outdir: cdk.out
env: {
CDK_DEFAULT_REGION: 'ap-southeast-2',
CDK_CONTEXT_JSON: '{"@aws-cdk/aws-apigateway:usagePlanKeyOrderInsensitiveId":true,"@aws-cdk/core:stackRelativeExports":true,"@aws-cdk/aws-rds:lowercaseDbIdentifier":true,"@aws-cdk/aws-lambda:recognizeVersionProps":true,"@aws-cdk/aws-cloudfront:defaultSecurityPolicyTLSv1.2_2021":true,"@aws-cdk-containers/ecs-service-extensions:enableDefaultLogDriver":true,"@aws-cdk/aws-ec2:uniqueImdsv2TemplateName":true,"@aws-cdk/core:target-partitions":["aws","aws-cn"],"aws:cdk:enable-path-metadata":true,"aws:cdk:enable-asset-metadata":true,"aws:cdk:version-reporting":true,"aws:cdk:bundling-stacks":["*"]}',
CDK_OUTDIR: 'cdk.out',
CDK_CLI_ASM_VERSION: '17.0.0',
CDK_CLI_VERSION: '2.20.0'
}
Notices refreshed
Some context information is missing. Fetching...
Setting "vpc-provider:account=123456789012:filter.vpc-id=vpc-00000000000000000:region=ap-southeast-2:returnAsymmetricSubnets=true" context to {"$providerError":"Need to perform AWS calls for account 123456789012, but no credentials have been configured","$dontSaveContext":true}
Setting "CDK_DEFAULT_REGION" environment variable to ap-southeast-2
context: {
'vpc-provider:account=123456789012:filter.vpc-id=vpc-00000000000000000:region=ap-southeast-2:returnAsymmetricSubnets=true': {
'$providerError': 'Need to perform AWS calls for account 123456789012, but no credentials have been configured',
'$dontSaveContext': true
},
'@aws-cdk/aws-apigateway:usagePlanKeyOrderInsensitiveId': true,
'@aws-cdk/core:stackRelativeExports': true,
'@aws-cdk/aws-rds:lowercaseDbIdentifier': true,
'@aws-cdk/aws-lambda:recognizeVersionProps': true,
'@aws-cdk/aws-cloudfront:defaultSecurityPolicyTLSv1.2_2021': true,
'@aws-cdk-containers/ecs-service-extensions:enableDefaultLogDriver': true,
'@aws-cdk/aws-ec2:uniqueImdsv2TemplateName': true,
'@aws-cdk/core:target-partitions': [ 'aws', 'aws-cn' ],
'aws:cdk:enable-path-metadata': true,
'aws:cdk:enable-asset-metadata': true,
'aws:cdk:version-reporting': true,
'aws:cdk:bundling-stacks': [ '*' ]
}
outdir: cdk.out
env: {
CDK_DEFAULT_REGION: 'ap-southeast-2',
CDK_CONTEXT_JSON: '{"vpc-provider:account=123456789012:filter.vpc-id=vpc-00000000000000000:region=ap-southeast-2:returnAsymmetricSubnets=true":{"$providerError":"Need to perform AWS calls for account 123456789012, but no credentials have been configured","$dontSaveContext":true},"@aws-cdk/aws-apigateway:usagePlanKeyOrderInsensitiveId":true,"@aws-cdk/core:stackRelativeExports":true,"@aws-cdk/aws-rds:lowercaseDbIdentifier":true,"@aws-cdk/aws-lambda:recognizeVersionProps":true,"@aws-cdk/aws-cloudfront:defaultSecurityPolicyTLSv1.2_2021":true,"@aws-cdk-containers/ecs-service-extensions:enableDefaultLogDriver":true,"@aws-cdk/aws-ec2:uniqueImdsv2TemplateName":true,"@aws-cdk/core:target-partitions":["aws","aws-cn"],"aws:cdk:enable-path-metadata":true,"aws:cdk:enable-asset-metadata":true,"aws:cdk:version-reporting":true,"aws:cdk:bundling-stacks":["*"]}',
CDK_OUTDIR: 'cdk.out',
CDK_CLI_ASM_VERSION: '17.0.0',
CDK_CLI_VERSION: '2.20.0'
}
Not making progress trying to resolve environmental context. Giving up.
[Error at /CdkStack] Need to perform AWS calls for account 123456789012, but no credentials have been configured
Annotations.addMessage (C:\Dev\ws\CDKTestProject\cdk\node_modules\aws-cdk-lib\core\lib\annotations.ts:99:25)
Annotations.addError (C:\Dev\ws\CDKTestProject\cdk\node_modules\aws-cdk-lib\core\lib\annotations.ts:58:10)
Function.getValue (C:\Dev\ws\CDKTestProject\cdk\node_modules\aws-cdk-lib\core\lib\context-provider.ts:111:31)
Function.fromLookup (C:\Dev\ws\CDKTestProject\cdk\node_modules\aws-cdk-lib\aws-ec2\lib\vpc.ts:1161:66)
new CdkStack (C:\Dev\ws\CDKTestProject\cdk\lib\cdk-stack.ts:20:33)
Object.<anonymous> (C:\Dev\ws\CDKTestProject\cdk\bin\app.ts:8:1)
Module._compile (node:internal/modules/cjs/loader:1103:14)
Module.m._compile (C:\Dev\ws\CDKTestProject\cdk\node_modules\ts-node\src\index.ts:1056:23)
Module._extensions..js (node:internal/modules/cjs/loader:1157:10)
Object.require.extensions.<computed> [as .ts] (C:\Dev\ws\CDKTestProject\cdk\node_modules\ts-node\src\index.ts:1059:12)
Module.load (node:internal/modules/cjs/loader:981:32)
Function.Module._load (node:internal/modules/cjs/loader:822:12)
Function.executeUserEntryPoint [as runMain] (node:internal/modules/run_main:77:12)
main (C:\Dev\ws\CDKTestProject\cdk\node_modules\ts-node\src\bin.ts:198:14)
Object.<anonymous> (C:\Dev\ws\CDKTestProject\cdk\node_modules\ts-node\src\bin.ts:288:3)
Module._compile (node:internal/modules/cjs/loader:1103:14)
Object.Module._extensions..js (node:internal/modules/cjs/loader:1157:10)
Module.load (node:internal/modules/cjs/loader:981:32)
Function.Module._load (node:internal/modules/cjs/loader:822:12)
Function.executeUserEntryPoint [as runMain] (node:internal/modules/run_main:77:12)
node:internal/main/run_main_module:17:47
Found errors
Error: Found errors
at StackCollection.processMetadataMessages (C:\Dev\ws\CDKTestProject\cdk\node_modules\aws-cdk\lib\api\cxapp\cloud-assembly.ts:274:13)
at CdkToolkit.validateStacks (C:\Dev\ws\CDKTestProject\cdk\node_modules\aws-cdk\lib\cdk-toolkit.ts:644:12)
at CdkToolkit.selectStacksForDiff (C:\Dev\ws\CDKTestProject\cdk\node_modules\aws-cdk\lib\cdk-toolkit.ts:623:10)
at processTicksAndRejections (node:internal/process/task_queues:96:5)
at CdkToolkit.synth (C:\Dev\ws\CDKTestProject\cdk\node_modules\aws-cdk\lib\cdk-toolkit.ts:507:20)
at initCommandLine (C:\Dev\ws\CDKTestProject\cdk\node_modules\aws-cdk\lib\cli.ts:342:12)
Describe the bug
When trying to acquire credentials using a assumed role
source_profileconnected to an SSO profile, I receive the following errorExpected Behavior
Credentials to be loaded correctly, and ProcessCredentialsProviderFailure not to be called. ProcessCredentialsProvider should not be used in this case.
Current Behavior
Trace logs:
Reproduction Steps
~/.aws/configcontains SSO profile and an assumed role profile~/.aws/credentialsis currently empty, but I've tried with a default profile and it doesn't make a differenceRunning
npx cdk synth --profile my-assumed-sso-rolecauses the error.Running
aws sts get-caller-identity --profile my-assumed-sso-roleshows a valid session.Possible Solution
Possibly bump the bundled aws-sdk version
Additional Information/Context
No response
CDK CLI Version
2.20.0 (build 738ef49)
Framework Version
No response
Node.js Version
v16.14.2
OS
Windows
Language
Typescript
Language Version
No response
Other information
I suspect that it's actually an upstream issue with
aws-sdkrelated tosource_profilewhich was recently fixed, such as aws/aws-sdk-js-v3#2221