Can you guys update the current botocore v1 version with the new sso credential provider that was created in botocore v2. This will let people programmatically access SSO credentials they set up from the command line. Thanks :)
@dytoto - Thank you for your post. Marking this as a feature request.
Any updates on this?
We really need this :(
I pulled the SSO credential support from botocore v2 and the CLI into a credential_process helper, so by adding one line to your SSO-configured profile in .aws/config, it'll work with any SDK that supports credential_process: aws-sso-credential-process
Hopefully very soon the functionality in botocore v2 will get pulled in botocore v1, and all the other SDK languages, but until then I find this to be a minimally intrusive workaround.
@joguSD this is shipped, right? At least as of 1.17.16
Still getting botocore.exceptions.NoCredentialsError: Unable to locate credentials
works for me today! I needed to make two changes:
thanks!
@annbrady You should be able to use boto3 without aws-sso-credential-process now. With boto3 1.14.0/botocore 1.17.0, it knows how to load credentials that are cached when you run aws sso login. But that means the user has to have signed in using the CLI for it to work. You can still use aws-sso-credential-process to enable your Python scripts to dispatch the user to the browser to sign in (and to make SDKs in other languages work).
@annbrady You should be able to use boto3 without
aws-sso-credential-processnow. With boto3 1.14.0/botocore 1.17.0, it knows how to load credentials that are cached when you runaws sso login. But that means the user has to have signed in using the CLI for it to work. You can still useaws-sso-credential-processto enable your Python scripts to dispatch the user to the browser to sign in (and to make SDKs in other languages work).
Guess I'm doing something wrong then...
...
Successfully installed boto3-1.14.17
...
aws sso login --profile NAME
...
Successully logged into Start URL: https://d-ID.awsapps.com/start/
python
Python 3.8.1 (tags/v3.8.1:1b293b6, Dec 18 2019, 22:39:24) [MSC v.1916 32 bit (Intel)] on win32
Type "help", "copyright", "credits" or "license" for more information.
import boto3
import jmespath
region = 'us-east-1'
ec2 = boto3.client('ec2', region_name=region)
ec2.describe_instances()
Traceback (most recent call last):
File "", line 1, in
File "C:\Users\annbrady\AppData\Local\Programs\Python\Python38-32\lib\site-packages\botocore\client.py", line 316, in _api_call
return self._make_api_call(operation_name, kwargs)
File "C:\Users\annbrady\AppData\Local\Programs\Python\Python38-32\lib\site-packages\botocore\client.py", line 621, in _make_api_call
http, parsed_response = self._make_request(
File "C:\Users\annbrady\AppData\Local\Programs\Python\Python38-32\lib\site-packages\botocore\client.py", line 641, in _make_request
return self._endpoint.make_request(operation_model, request_dict)
File "C:\Users\annbrady\AppData\Local\Programs\Python\Python38-32\lib\site-packages\botocore\endpoint.py", line 102, in make_request
return self._send_request(request_dict, operation_model)
File "C:\Users\annbrady\AppData\Local\Programs\Python\Python38-32\lib\site-packages\botocore\endpoint.py", line 132, in _send_request
request = self.create_request(request_dict, operation_model)
File "C:\Users\annbrady\AppData\Local\Programs\Python\Python38-32\lib\site-packages\botocore\endpoint.py", line 115, in create_request
self._event_emitter.emit(event_name, request=request,
File "C:\Users\annbrady\AppData\Local\Programs\Python\Python38-32\lib\site-packages\botocore\hooks.py", line 356, in emit
return self._emitter.emit(aliased_event_name, kwargs)
File "C:\Users\annbrady\AppData\Local\Programs\Python\Python38-32\lib\site-packages\botocore\hooks.py", line 228, in emit
return self._emit(event_name, kwargs)
File "C:\Users\annbrady\AppData\Local\Programs\Python\Python38-32\lib\site-packages\botocore\hooks.py", line 211, in _emit
response = handler(kwargs)
File "C:\Users\annbrady\AppData\Local\Programs\Python\Python38-32\lib\site-packages\botocore\signers.py", line 90, in handler
return self.sign(operation_name, request)
File "C:\Users\annbrady\AppData\Local\Programs\Python\Python38-32\lib\site-packages\botocore\signers.py", line 160, in sign
auth.add_auth(request)
File "C:\Users\annbrady\AppData\Local\Programs\Python\Python38-32\lib\site-packages\botocore\auth.py", line 357, in add_auth
raise NoCredentialsError
botocore.exceptions.NoCredentialsError: Unable to locate credentials
You've logged in to profile NAME but aren't providing it in Python. What if you change the code to ec2 = boto3.Session(profile_name='NAME').client('ec2', region_name=region)? (it would also apply if you've done export AWS_PROFILE=NAME before loading python)
You've logged in to profile NAME but aren't providing it in Python. What if you change the code to
ec2 = boto3.Session(profile_name='NAME').client('ec2', region_name=region)? (it would also apply if you've doneexport AWS_PROFILE=NAMEbefore loading python)
that was it, thank you!
With the merging of this PR https://github.com/boto/botocore/pull/2070 SSO functionality is now supported in current botocore. Please let us know if anyone has any concerns.
Most helpful comment
Any updates on this?