John Leuner
John Leuner
Yes I think it's very similar to https://github.com/duckdb/duckdb-aws/issues/31 and probably also a regression of https://github.com/duckdb/duckdb-aws/issues/14
My testing also seemed to show that this happens not only on Windows x86-64 but also on Amazon Linux 2023
I checked that this still fails in duckdb 1.2.1
Another workaround for duckdb-cli is to first login with aws sso login and then export your credentials as environment variables: aws configure export-credentials --format powershell $Env:AWS_ACCESS_KEY_ID="ASXYZZZ" $Env:AWS_SECRET_ACCESS_KEY="oXVAAAABBBBBCCCC" $Env:AWS_SESSION_TOKEN="XXXYYYZZZ"
I found that the trailing hash character was being treated differently by the AWS SDK library linked by duckdb and by the AWS cli tool used to perform aws sso...
Also see my comments on the other issue https://github.com/duckdb/duckdb-aws/issues/62#issuecomment-2839235394
I don't have any issues using an SSO profile anymore, I tested with duckdb 1.4.1 on Windows x64 set AWS_PROFILE=myprofile CREATE SECRET secret2 ( TYPE s3, PROVIDER credential_chain, REGION 'af-south-1',...
@dobesv I've been debugging some of the AWS SSO authentication logic and I found two things: 1. If the sso_start_url parameter ends in a hash, like this: https://orgname.awsapps.com/start# then for...
@nicornk What do you think about the SSO path? Is there a way to use the PROFILE specified for the SSO provider (or when using the default chain)?
You're right, if you specify CHAIN 'sso' then the provided profile is used: CREATE SECRET secret2 ( TYPE s3, PROVIDER credential_chain, CHAIN 'sso', PROFILE 'myprofile', REGION 'af-south-1', ENDPOINT 's3.my-region.amazonaws.com' );...