Bug with creating aws_session_token for IAM User credentials without MFA

Describe the bug

Sessions created with the AWS IAM User Provider and without MFA have trouble accessing IAM resources. One obvious difference to other sessions is that the aws_session_token has quotes around it.

Leapp Version 0.9.0

To Reproduce

Steps to reproduce the behavior:

  1. Add a new Session in Leapp (AWS, IAM User)
  2. Fill in credentials for user with full access to all AWS resources, but no MFA enabled.
  3. Start the newly created session
  4. Inside .aws/credentials there should be an entry with aws_session_token="..."
  5. Try to access your own user: aws iam get-user --user-name XXX --profile YYY
  6. Receive error: An error occurred (InvalidClientTokenId) when calling the GetUser operation: The security token included in the request is invalid

Expected behavior

The user information is fetched and shown in the console

Desktop (please complete the following information):

  • OS: macOS
  • OS Version 12.2.1
  • Leapp Version 0.9.0

Additional context

I tried the same AWS command with the same base credentials, but without temporary credentials and that works.

Issue Analytics

  • State: open
  • Created 2 years ago
  • Reactions: 4
  • Comments: 7 (4 by maintainers)
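
A check for the difference described in the report, added here as an example and not part of the original issue or Leapp's code: it parses an AWS credentials file and lists the profiles whose credential values are wrapped in quotes, without printing the secrets. The sample profiles and values are constructed placeholders, and the function names are hypothetical.

```python
import configparser
import os
import sys

CREDENTIAL_KEYS = ("aws_access_key_id", "aws_secret_access_key", "aws_session_token")

# Constructed sample file; every value is a placeholder, not a real credential.
SAMPLE = '''
[default]
aws_access_key_id = PLACEHOLDER_KEY_ID_0
aws_secret_access_key = PLACEHOLDER_SECRET_0
aws_session_token = "PLACEHOLDER_TOKEN_0//////////"

[other]
aws_access_key_id = PLACEHOLDER_KEY_ID_1
aws_secret_access_key = PLACEHOLDER_SECRET_1
aws_session_token = PLACEHOLDER_TOKEN_1++++++++++
'''


def find_quoted_credentials(text):
    """Return (profile, key) pairs whose value starts and ends with the same quote."""
    # RawConfigParser: no '%' interpolation, and quotes stay part of the value.
    parser = configparser.RawConfigParser()
    parser.read_string(text)
    findings = []
    for profile in parser.sections():
        for key in CREDENTIAL_KEYS:
            value = parser.get(profile, key, fallback="").strip()
            if len(value) >= 2 and value[0] == value[-1] and value[0] in "\"'":
                findings.append((profile, key))
    return findings


def report(path):
    """Print one line per quoted credential; the value itself is never printed."""
    with open(path, encoding="utf-8") as fh:
        findings = find_quoted_credentials(fh.read())
    for profile, key in findings:
        print(f"[{profile}] {key} is wrapped in quotes")
    return findings


if __name__ == "__main__":
    default_path = os.path.expanduser("~/.aws/credentials")
    report(sys.argv[1] if len(sys.argv) > 1 else default_path)
```

Running it before and after starting a session shows whether the quoted token is written only for the affected session type.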

Top GitHub Comments

3 reactions
deiga commented, Mar 12, 2022

@ericvilla That is a very good point! But I still consider it a bug in Leapp, since I don’t have any way not to use temporary credentials

1 reaction
rudeluv commented, Oct 7, 2022

I just ran into the exact same issue, so I added my MFA device to the AWS IAM User configuration. However, I’m not prompted for an MFA code for some reason.

@jalaziz I realize this is old but I was running into the same problem. I had to delete the session and re-create it with the MFA device and after that it prompted me for a code.
