Attempting to access SQS when using AWS SSO fails #3870
Comments
Does it work if you use the
No. Tried this, and a number of other variations of the way to create an sqsClient instance, and none work. All result in an access denied when used via the Java SDK.
@debora-ito Is there any update on this?
@andyfcdl sorry, no updates yet. I'll work on setting up an SSO profile to repro this.
Might be related to #3679, still working to confirm it is the same case.
Not sure that the token expiry is the case for us. I do an SSO login a couple of minutes before executing the code, to get a token with 8 hours left on it, and the Python script works but the Java application fails when connecting to SQS, but adding some code in to talk to S3 works and it can, for example, list buckets using the SSO token. I have attached an anonymised debug log of what I see when attempting to call out to SQS. S3Client s3 = S3Client.builder() I'm wondering if there is anything to do with the fact we need to use role_arn in the profile such that we get access via said role?
This can be closed. We went through AWS support and found that we had some issues in our AWS config file, and updates to the underlying SDK also helped. Basically we had duplicated some lines in our profiles in the config file around SSO configuration and the Java SDK did not like this.
Hi, could you possibly be more specific? I'm struggling with the same thing. For some reason, the SDK is making a "get role credentials" request, and that fails with a 403.
Our core issue was in the ~/.aws/config and how we set up SSO - we duplicated some of the sso lines from [default] into our individual profile config, and this caused the Java SDK to not recognise it correctly - once we tidied that up it all worked, i.e. sso details in the [default] section and just relevant info in the profile as per [default] [profile dev-profile] Turn on full wire level debug logging to see what it is trying as well -
Thanks for getting back to me. I still can't get it to work... My "normal" profile works, it's when attempting to access our sandbox env on AWS that it breaks. This is my config file (redacted)
I'm able to use the sandboxtest profile on cmd line just fine, the problem is with the Java SDK.
Remove the duplicated sso_* sections and only have them in a [default] section, and give that a try.
Wow, this worked. Thank you! Also, I need to include sts on classpath.
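The cleanup the comments above arrive at can be checked mechanically. The following Python script is an added example, not code from this thread or from the AWS SDK; the sample config, its placeholder values and the function name `find_duplicated_sso_keys` are constructed for illustration. It lists named profiles that repeat `sso_*` keys already set in `[default]`.

```python
import configparser

# Constructed sample of ~/.aws/config; URL, account id and role are placeholders.
SAMPLE_CONFIG = """\
[default]
sso_start_url = https://example.awsapps.com/start
sso_region = eu-west-1
sso_account_id = 111111111111
sso_role_name = ExampleRole
region = eu-west-1

[profile dev-profile]
sso_start_url = https://example.awsapps.com/start
sso_region = eu-west-1
region = eu-west-1

[profile clean-profile]
region = eu-west-1
output = json
"""


def find_duplicated_sso_keys(config_text):
    """Map each named profile to the sso_* keys it repeats from [default]."""
    # strict=False tolerates a key written twice inside one section instead of raising.
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(config_text)
    if not parser.has_section("default"):
        return {}
    default_sso = {key for key in parser["default"] if key.startswith("sso_")}
    findings = {}
    for section in parser.sections():
        # Skip [default] itself and sso-session blocks, which are not profiles.
        if section == "default" or section.startswith("sso-session "):
            continue
        repeated = sorted(key for key in parser[section] if key in default_sso)
        if repeated:
            name = section[len("profile "):] if section.startswith("profile ") else section
            findings[name] = repeated
    return findings


if __name__ == "__main__":
    for profile, keys in find_duplicated_sso_keys(SAMPLE_CONFIG).items():
        print(f"{profile}: repeats {', '.join(keys)} from [default]")
```

To check a real file, pass the text of `~/.aws/config` to the function in place of the constructed sample.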
Describe the bug
We are using AWS SSO to get session credentials. When we use this we can use the Java SDK to query S3 etc., but are failing to be able to do anything with SQS utilising the Java SDK v2, although the AWS CLI and Python apps work just fine.
Our basic issue is we received a 403 error when calling the API, for example to list queues and a message of the form 'Access to the resource https://sqs.eu-west-1.amazonaws.com/ is denied'
Expected Behavior
AWS SDK v2 interacting with SQS when we are logged on via AWS SSO should allow interactions to just work.
Current Behavior
We receive a 403 error when calling the API, for example to list queues and a message of the form 'Access to the resource https://sqs.eu-west-1.amazonaws.com/ is denied'
Reproduction Steps
Log in to AWS using SSO against a profile other than default. This profile uses a different role specific to what we need to do.
Using code as per
Possible Solution
No response
Additional Information/Context
We have used the AWS CLI to connect and this works.
aws sqs list-queues --profile=dev-profile
We have also used a small python script, below, and this also works
AWS Java SDK version used
2.20.34
JDK version used
openjdk version "1.8.0_342" OpenJDK Runtime Environment Corretto-8.342.07.3 (build 1.8.0_342-b07) OpenJDK 64-Bit Server VM Corretto-8.342.07.3 (build 25.342-b07, mixed mode)
Operating System and version
Windows 10