You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I'm trying to use aws-mfa-login with an AWS China account and get the following error:
aws-mfa-login --config ~/.aws-cn.yaml
#####
source: aws-cn
destination: aws-cn-mfa
#####
2023/10/17 12:52:36 operation error STS: GetCallerIdentity, https response error StatusCode: 403, RequestID: c1895db0-5866-4a35-a447-367de51b1d4f, api error InvalidClientTokenId: The security token included in the request is invalid.
The issue is rising because aws-mfa-login is trying to log in with the eu-central-1 account which is absent in AWS China.
The quick fix is to remove the hardcoded region from func (updater *CredUpdater) init() function: https://github.com/signavio/aws-mfa-login/blob/v0.1.28/action/login.go#L43
I've checked this quick fix and it works pretty well for both aws and aws-cn accounts.
What else do you think should be taken into consideration?
As I see github.com/aws/aws-sdk-go-v2 handles different IAM partitions well and no code changes are needed here:
AWS - arn:aws:: ....
AWS China- arn:aws-cn:: ...
The text was updated successfully, but these errors were encountered:
I'm trying to use aws-mfa-login with an AWS China account and get the following error:
The issue is rising because aws-mfa-login is trying to log in with the
eu-central-1
account which is absent in AWS China.The quick fix is to remove the hardcoded region from
func (updater *CredUpdater) init()
function:https://github.com/signavio/aws-mfa-login/blob/v0.1.28/action/login.go#L43
I've checked this quick fix and it works pretty well for both aws and aws-cn accounts.
What else do you think should be taken into consideration?
As I see
github.com/aws/aws-sdk-go-v2
handles different IAM partitions well and no code changes are needed here:The text was updated successfully, but these errors were encountered: