aws_consoler
aws_consoler copied to clipboard
NetSPI
Passing session token via -s argument fails
- AWS Consoler version: Latest
- Python version: 3.8.2
- Operating System: Latest Kali
Description
Attempting to pass the access key, secret key, and session token via CLI arguments failed with the following error. Attempted wrapping arguments in quotes as well. I was able to get around this by creating a profile and using the -p argument instead.
What I Did
aws_consoler -v -a A[REDACTED]V -s [REDACTED] -t IQoJb3JpZ2luX2VjEIf//////////wEaC[REDACTED]A==
2020-05-07 13:45:03,278 [aws_consoler.cli] INFO: Validating arguments...
2020-05-07 13:45:03,278 [aws_consoler.cli] INFO: Calling logic.
2020-05-07 13:45:03,284 [aws_consoler.logic] INFO: Session using credential variables established.
2020-05-07 13:45:03,578 [aws_consoler.logic] INFO: Session valid, attempting to federate as arn:aws:sts::5[REDACTED].
2020-05-07 13:45:03,578 [aws_consoler.cli] CRITICAL: expected string or bytes-like object
Can you re-run with -vv? The fact that it was able to create a session tells me the token is valid, but it's having issues with picking up the token value for some reason.
Ran the same command with -vv. Output is below.
2020-05-07 14:01:23,282 [aws_consoler.cli] INFO: Validating arguments...
2020-05-07 14:01:23,282 [aws_consoler.cli] INFO: Calling logic.
2020-05-07 14:01:23,282 [aws_consoler.logic] DEBUG: Establishing Boto3 session.
2020-05-07 14:01:23,282 [aws_consoler.logic] DEBUG: Using CLI-provided credentials.
2020-05-07 14:01:23,288 [aws_consoler.logic] INFO: Session using credential variables established.
2020-05-07 14:01:23,584 [aws_consoler.logic] INFO: Session valid, attempting to federate as arn:aws:sts::5[REDACTED].
2020-05-07 14:01:23,584 [aws_consoler.cli] CRITICAL: expected string or bytes-like object
Interesting note. Running as the same user was then working using the command line arguments. I believe this is due to me running
aws configure
I created a new user and ran first command here and replicated the issue. So this may be due to not having aws cli configured in the first place.
I suspect this is an issue with AWS Consoler not knowing what region to use - as of v1.1.0, a region is required to detect what partition should be authenticated to.
However, it doesn't look like there's a good base case (should default to the standard partition) - I'll have to make some changes to make it easier for folks.
In the short-term, you can fix this by passing -R us-east-1 on the command line.
You seem to be correct. Passing the region yields a federation URL to use. Thanks for the quick fix!
@RyanGandrud This has been included in 1.1.1. Please give v1.1.1-rc.1 a shot from the releases page, and let me know if it works for you.
That works! Assumes standard aws region and outputs a message stating as much.
Had the same issue. Is this project still maintained? Maybe 1.1.1 should be released officially.
@johnsaigle I'm no longer with the organization, I'd have to check if there's someone able to merge the changes in. You can use the workaround documented above, or grab the rc1 version.