hardeneks

doesn't work with sso

Open mohan-kumar-sp opened this issue 2 years ago • 5 comments

We are using SSO in our organisation where hardeneks can't find credentials and it fails.

hardeneks --region us-east-1 --cluster XXX --context XXXX

HARDENEKS
You are operating at us-east-1
You context is XXXX
Your cluster name is XXXX
You are using /opt/homebrew/lib/python3.11/site-packages/hardeneks/config.yaml as your config file

[bold][red]Unable to locate credentials
[bold][red]Unable to locate credentials
[bold][red]Unable to locate credentials
[bold][red]Unable to locate credentials
[bold][red]Unable to locate credentials
[bold][red]Unable to locate credentials
[bold][red]Unable to locate credentials
[bold][red]Unable to locate credentials

mohan-kumar-sp avatar Aug 18 '23 07:08 mohan-kumar-sp

hi, thank you for creating an issue. I will take a look at it in the next 2 weeks.

dorukozturk avatar Aug 23 '23 21:08 dorukozturk

hi, so hardeneks uses boto3 and the Kubernetes Python API underneath. In your case boto3 should be able to find the credentials using one of the methods below:

Passing credentials as parameters in the boto.client() method

Passing credentials as parameters when creating a Session object

Environment variables

Shared credential file (~/.aws/credentials)

AWS config file (~/.aws/config)

Assume Role provider

Boto2 config file (/etc/boto.cfg and ~/.boto)

Instance metadata service on an Amazon EC2 instance that has an IAM role configured.

https://boto3.amazonaws.com/v1/documentation/api/latest/guide/credentials.html. In your case would it be feasible to use one of the above methods?

dorukozturk avatar Sep 12 '23 01:09 dorukozturk

Hi Doruk! I think an additional option to consider could be to add --profile to the arguments for selection, like the AWS CLI aws --profile <profile name> ec2 describe-instances. At the moment, the env variables need to be manually set before executing this project. Happy to work on this sometime.

something like this:

hardeneks --context clustedev --region us-east-1 --cluster mycluster --profile  developerprofile      

wa20221001 avatar Nov 22 '23 15:11 wa20221001
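The manual environment setup described in the comment above can be checked before hardeneks is started. This is an added example, not code from the thread or from hardeneks; it assumes hardeneks uses boto3's default credential chain, and the profile names, session name and start URL in the sample config are constructed.

```python
import configparser

# Constructed sample of ~/.aws/config; profile and session names are made up.
SAMPLE_CONFIG = """
[profile developerprofile]
sso_session = corp
sso_account_id = 111122223333
sso_role_name = ReadOnly
region = us-east-1

[sso-session corp]
sso_start_url = https://example.awsapps.com/start
sso_region = us-east-1

[profile incomplete]
sso_start_url = https://example.awsapps.com/start
sso_region = us-east-1
"""

SSO_KEYS = ("sso_start_url", "sso_region", "sso_account_id", "sso_role_name")
STATIC_KEYS = ("AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY", "AWS_SESSION_TOKEN")


def sso_settings(config_text, profile):
    """Return a profile's settings with its [sso-session ...] block merged in."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(config_text)
    section = "default" if profile == "default" else f"profile {profile}"
    if not cp.has_section(section):
        raise KeyError(f"no [{section}] section in AWS config")
    settings = dict(cp[section])
    session = settings.get("sso_session")
    if session and cp.has_section(f"sso-session {session}"):
        # sso_start_url and sso_region live in the shared session block.
        settings = {**dict(cp[f"sso-session {session}"]), **settings}
    return settings


def preflight(config_text, profile, base_env):
    """Return (env, problems) for running hardeneks under an SSO profile."""
    settings = sso_settings(config_text, profile)
    problems = [f"missing {k}" for k in SSO_KEYS if k not in settings]
    # boto3 reads access keys from the environment before it consults the
    # profile named by AWS_PROFILE, so stale keys would shadow the SSO login.
    problems += [f"unset {k}" for k in STATIC_KEYS if k in base_env]
    env = {k: v for k, v in base_env.items() if k not in STATIC_KEYS}
    env["AWS_PROFILE"] = profile
    return env, problems
```

Run `aws sso login --profile <profile name>` first, then start hardeneks with the returned environment once `problems` is empty.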

Hi, I like the idea and it makes a lot of sense. I can review and can even implement this in a couple of weeks (after reinvent :) )

dorukozturk avatar Nov 26 '23 12:11 dorukozturk

Hi @mohan-kumar-sp

We are using SSO

Once you have logged in to the AWS Console, you can try to create an AWS access key, then use it for login using the AWS CLI.

za avatar Jul 25 '24 09:07 za