Describe the bug
Authentication with AWS SSO does not work with expired token message.
The AWS SSO session is authenticated (other AWS CLI commands work) but Steampipe queries return error
Steampipe version (steampipe -v
)
0.13.0
To reproduce
Add the profile argument with the name of your AWS SSO profile to the steampipe config file ~/.steampipe/config/aws.spc
connection "aws" {
plugin = "aws"
profile = "management"
regions = ["us-east-1","eu-west-1"]
}
Login with AWS SSO to the management profile
aws sso login -profile management
Check the AWS SSO login is working
aws sts get-caller-identity --profile management
{
"UserId": "XXXXXXXXXXXXXXXXXXXXX:user@domain",
"Account": "123456789010",
"Arn": "arn:aws:sts::123456789010:assumed-role/AWSReservedSSO_AWSAdministratorAccess_xxxxxxxxxxxxxxxx/user@domain"
}
start steampipe query
steampipe query
Run query
This takes a long time to return
Welcome to Steampipe v0.13.0
> select
title,
create_date,
mfa_enabled
from
aws_iam_user
Error: ExpiredToken: The security token included in the request is expired
status code: 403, request id: xxxxxxxx-9b31-48d4-b764-733792607bc2 (SQLSTATE HV000)
Expected behavior
The query should complete and return the results
Additional context
AWS CLI at latest version
aws-cli/2.4.27 Python/3.8.8 Linux/5.10.60.1-microsoft-standard-WSL2 exe/x86_64.ubuntu.20 prompt/off