aws-google-auth

--resolve-aliases toggle doesn't work for all aws accounts

Open ashishmohite opened this issue 5 years ago • 5 comments

I have access to 5 AWS accounts through Google SSO, but when I run aws-google-auth -d 7200 --resolve-aliases it shows me the aliases for two accounts only, even though I have aliases set for all the accounts.

ashishmohite avatar Dec 03 '19 09:12 ashishmohite

I am seeing this as well. We have 8 accounts and 2 of them are not showing their aliases.

DV8FromTheWorld avatar Jan 28 '20 16:01 DV8FromTheWorld

Your user must have IAM permissions iam:Get* and iam:List* to be able to resolve the account aliases.

Solvik avatar Feb 27 '20 15:02 Solvik

@Solvik all my users have Admin access, so that shouldn't be an issue in my case.

ashishmohite avatar Mar 07 '20 15:03 ashishmohite

Is there anything in your CloudTrail logs that explains why these are denied? It could also be something weird being returned - the Alias resolving code does eat an exception when processing the identities.

If you can login with one of the ones that do not show and use the AWS CLI to show the aliases, what does it show?

e.g.

$ aws iam list-account-aliases
{
    "AccountAliases": [
        "cevo-dev"
    ]
}

stevemac007 avatar Apr 13 '20 13:04 stevemac007
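The CloudTrail check suggested in the comment above, as an added example that is not part of the original thread or of aws-google-auth: it scans a CloudTrail log file for failed alias-related calls and groups them by account. It assumes alias resolution goes through sts:AssumeRoleWithSAML followed by iam:ListAccountAliases; the sample records, account IDs and role names are constructed.

```python
import json
from collections import defaultdict

# Assumption: these are the two API calls behind resolving an alias
# (the SAML role assumption, then the IAM alias lookup).
WATCHED = {("sts.amazonaws.com", "AssumeRoleWithSAML"),
           ("iam.amazonaws.com", "ListAccountAliases")}

# Constructed sample in the CloudTrail log-file layout ({"Records": [...]}).
# Account IDs, ARNs and messages are made up for illustration.
DENIED_ARN = "arn:aws:sts::222222222222:assumed-role/sso-readonly/user@example.com"
SAMPLE = json.dumps({"Records": [
    {"eventSource": "iam.amazonaws.com", "eventName": "ListAccountAliases",
     "recipientAccountId": "111111111111",
     "userIdentity": {"arn": "arn:aws:sts::111111111111:assumed-role/sso-admin/user@example.com"}},
    {"eventSource": "iam.amazonaws.com", "eventName": "ListAccountAliases",
     "recipientAccountId": "222222222222",
     "userIdentity": {"arn": DENIED_ARN},
     "errorCode": "AccessDenied",
     "errorMessage": "not authorized to perform: iam:ListAccountAliases"},
    {"eventSource": "iam.amazonaws.com", "eventName": "ListUsers",
     "recipientAccountId": "333333333333",
     "userIdentity": {"arn": "arn:aws:sts::333333333333:assumed-role/sso-readonly/user@example.com"},
     "errorCode": "AccessDenied",
     "errorMessage": "not authorized to perform: iam:ListUsers"},
]})


def failed_alias_calls(log_text):
    """Return {account_id: [(eventName, errorCode, principal_arn, errorMessage)]}."""
    failures = defaultdict(list)
    for rec in json.loads(log_text).get("Records", []):
        if (rec.get("eventSource"), rec.get("eventName")) not in WATCHED:
            continue  # unrelated API call
        code = rec.get("errorCode")
        if not code:
            continue  # successful calls carry no errorCode
        arn = rec.get("userIdentity", {}).get("arn", "unknown")
        failures[rec.get("recipientAccountId", "unknown")].append(
            (rec["eventName"], code, arn, rec.get("errorMessage", "")))
    return dict(failures)


if __name__ == "__main__":
    for account, items in sorted(failed_alias_calls(SAMPLE).items()):
        for name, code, arn, msg in items:
            print(f"{account}: {name} failed with {code} for {arn}: {msg}")
```

An account that shows no alias and has no failed call in this output points away from a permissions problem and toward the swallowed exception mentioned above.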

Same issue for me. I have 40+ accounts and about 10 of them show without aliases. I just checked one of those and I get the expected result:

{
    "AccountAliases": [
        "my-account-alias"
    ]
}

Also, those aliases show properly on AWS's SAML login page.

axelpavageau avatar Apr 15 '20 08:04 axelpavageau