Comments (10)
I use temporary AWS credentials via env vars as well and I've been having the same issue:
$ gossm start
RequestExpired: Request has expired.
status code: 400, request id: 2b17a0f6-88ca-454c-a2d4-5a2750362bd1
I can run any command with awscli without any issues:
$ aws sts get-caller-identity
{
"UserId": "AXXXXXXXX:[email protected]",
"Account": "8000000000",
"Arn": "arn:aws:sts::800000000:assumed-role/Role/[email protected]"
}
from gossm.
I confirmed the issue has been resolved on version v1.2.3.
thanks @tedsmitt . <3
from gossm.
Yep, looks good from my end too - thanks @tedsmitt!
from gossm.
@mogggggg
Maybe it' need to additonal ssm:DescribeInstanceInformation permission.
ssm:DescribeInstanceInformation is using to find possible instances that can access over ssm-agent.
from gossm.
@gjbae1212
But if it was using the account details from the environment variables it shouldn't need that, right? The account I'm assuming has the Administrator role.
I'm also not sure why the permissions would be different between v1.20 and v1.1.1?
from gossm.
@mogggggg
gossm with v1.20 have added new feature used ssm:DescribeInstanceInformation.
#15
from gossm.
Thanks @gjbae1212, unfortunately I still don't think it's working as intended.
The role I'm assuming via env vars has the AdministratorAccess
policy attached to it so I shouldn't need to add any new permissions.
The issue seems to be that gossm
isn't looking at these env vars anymore.
I've just attached the AdministratorAccess
to my user defined in ~/.aws/credentials
and it now looks like gossm is at working but it's looking at that AWS account (which has no EC2 resources in it) instead of the one where I've assumed the role.
➜ gossm start
[start-session] profile: default, region: ap-southeast-2, target:
InvalidParameter: 1 validation error(s) found.
- minimum field size of 1, StartSessionInput.Target.
If I use the previous version of gossm it works fine, so I think this is a bug.
from gossm.
@mogggggg
Refined a little of code.
Test it with gossm v1.2.1.
from gossm.
@gjbae1212
Wow, you're so fast!
Unfortunately I'm getting the same problem. Here's a snippet comparing between v1.2.1 and v1.1.0
➜ ./gossm-1-2-1 start
[update] aws ssm plugin
UnauthorizedOperation: You are not authorized to perform this operation.
status code: 403, request id: de97146c-f579-415b-a803-6975a0e3ca50
➜ ./gossm-1-1-0 start
[update] aws ssm plugin
? Choose a target in AWS: [Use arrows to move, type to filter]
<big list of all my instances>
from gossm.
Hey guys, I've raised a PR to fix this.
from gossm.
Related Issues (20)
- Feature Request: Add Command for Port-Forwarding HOT 2
- Cloud security
- Feature Request: SSO auth HOT 2
- Extend support to ECS exec HOT 1
- Ability to connect to an instance via "Name" tag. HOT 3
- Better documentation around how gossm looks for creds HOT 2
- authenticate with aws credential_process HOT 1
- get EOF error with fish shell and oh-my-fish HOT 2
- Document Permissions Required for gossm HOT 1
- AWS_SHARED_CREDENTIALS_FILE Overwritten By Default HOT 6
- Something like this for K8S would be awesome HOT 1
- FilterLimitExceeded: The maximum number of filter values specified on a single call is 200 HOT 1
- Brew upgrade states a deprecation HOT 2
- The UI is broken when running k9s on the server connected using gossm. HOT 1
- Not working for hybrid images HOT 2
- ssh and scp not working using GOSSM
- Feature Request: Support for StartPortForwardingSessionToRemoteHost HOT 1
- [err] Incorrect function. when running on windows 10
- Feature Request: Support for Amazon ECS Exec to access containers on AWS Fargate and Amazon EC2 HOT 2
- session-manager-plugin incorrect arch for arm64
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from gossm.