awsume
awsume copied to clipboard
trek10inc
AWSSume not setting AWS Environment variables - Windows 10 - AWSSume 4.5.0
Windows 10 - running as Administrator - awsume with a non-default profile is not setting AWS Environment id variables.
show-commands flag doesn't appear to be working either!
I am also seeing this behavior, but with the default profile as well.
--show-commands output:
--help output:
However, the output that should be in the console, is in a file in the working directory named temp.txt.
Most awsume commands place their ourput into this file, except that --show-commands seems to have all of the correct information present (key id, secret, session token, etc) but without the commands to actually set variables.
We recently pushed 4.5.1 which did clean up a few shell script bugs, could you update and let me know if you hit these issues still?
The temp.txt is created so it can store the output of awsumepy so awsume.bat can store it in a variable and handle the output properly, from there it should be exporting variables and displaying the proper output
Also note, I've experienced issues where pip install --upgrade and pipx upgrade (depending on how you installed awsume) don't actually update the shell scripts, so if you're still experiencing issues, one thing I've done to ensure the shell scripts are updated is to uninstall and then reinstall awsume
I had issue with 4.5.0 on Windows 10, updated to 4.5.3 and is working ok now.
Hey
I am using version 4.5.3 on Windows 11, Powershell 7.2.6 and experience the very same issue.
Once I set the $env:AWS_PROFILE=<profile_name> it works as expected.
Any advice on how to debug/fix the issue?
Below is the debug log:
awsume pa_dev --debug
[2022-10-24 15:58:59,995] main.py:main : [DEBUG] Debug logs are visible
[2022-10-24 15:58:59,996] main.py:main : [DEBUG] Executing awsume
[2022-10-24 15:58:59,996] app.py:__init__ : [DEBUG] Initalizing app
[2022-10-24 15:58:59,996] app.py:get_plugin_manager : [DEBUG] Creating plugin manager
[2022-10-24 15:58:59,997] app.py:get_plugin_manager : [DEBUG] Loading plugins
[2022-10-24 15:59:00,010] app.py:parse_args : [DEBUG] Gathering arguments
[2022-10-24 15:59:00,011] default_plugins.py:add_arguments : [INFO] Adding arguments
[2022-10-24 15:59:00,012] app.py:parse_args : [DEBUG] Parsing arguments
[2022-10-24 15:59:00,012] app.py:parse_args : [DEBUG] Handling arguments
[2022-10-24 15:59:00,012] default_plugins.py:post_add_arguments : [DEBUG] Post add arguments
[2022-10-24 15:59:00,013] default_plugins.py:post_add_arguments : [DEBUG] {"version": false, "output_profile": null, "clean": false, "profile_name": "pa_dev", "force_refresh": false, "show_commands": false, "unset_variables": false, "auto_refresh": false, "kill": false, "list_profiles": null, "refresh_autocomplete": false, "role_arn": null, "principal_arn": null, "source_profile": null, "external_id": null, "mfa_token": null, "region": null, "session_name": null, "role_duration": null, "with_saml": false, "with_web_identity": false, "json": null, "credentials_file": null, "config_file": null, "config": null, "list_plugins": false, "info": false, "debug": true}
[2022-10-24 15:59:00,013] app.py:get_profiles : [DEBUG] Gathering profiles
[2022-10-24 15:59:00,013] default_plugins.py:collect_aws_profiles : [INFO] Collecting AWS profiles
[2022-10-24 15:59:00,015] default_plugins.py:collect_aws_profiles : [DEBUG] Collected 26 profiles
[2022-10-24 15:59:00,015] default_plugins.py:post_collect_aws_profiles : [INFO] Post collect AWS profiles
[2022-10-24 15:59:00,016] app.py:get_credentials : [DEBUG] Getting credentials
[2022-10-24 15:59:00,016] app.py:get_credentials : [DEBUG] Pulling credentials from default awsume flow
[2022-10-24 15:59:00,016] profile.py:get_role_chain : [DEBUG] Getting role chain for [pa_dev]
[2022-10-24 15:59:00,016] default_plugins.py:get_credentials : [DEBUG] Role chain: ['pa_dev']
[2022-10-24 15:59:00,017] default_plugins.py:get_credentials_handler : [INFO] Getting credentials: pa_dev
[2022-10-24 15:59:00,017] profile.py:validate_profile : [DEBUG] Validating profile
[2022-10-24 15:59:00,017] default_plugins.py:get_credentials_no_mfa : [INFO] Getting credentials MFA not required
[2022-10-24 15:59:00,017] app.py:export_data : [DEBUG] Exporting data
While I can confirm that AWS_PROFILE env is not set in powershell
awsume myProfile
dir env:
I do not believe it is necessary for awsume to be setting this env. Generally, awsume sets environment variables to determine which credentials any relevant aws-related process (such as aws cli or an sdk such as the JavaScript AWS SDK) will use.
As seen here, environment variables take precendence over the "credentials file" when a process such as the aws cli is determining what/which credentials to use.
awsume setting the AWS_PROFILE, according to this documentation, would impact only which aws profile to use when reading from the credentials file.
Because awsume mainly sets environment variables to help temporarily change which credentials you are using, and these environment variables take precedence over the credentials file, it is not necessary to change the AWS_PROFILE environment var.
To illustrate the point, I would suggest trying to awsume 1 particular role, then set the AWS_PROFILE variable to refer to some different AWS role/user/identity. Then perform the following using the aws cli:
aws sts get-caller-identity
You may observe that the identity being used is still the original role, despite the fact that you set AWS_PROFILE to refer to something else.
