Are there plans to make the datomic-cli work with AWS SSO?

DanM · March 23, 2021, 2:36pm

We’re using AWS SSO to log in on the CLI, which means:

we run aws sso login [--profile read]
the command spawns a browser to log in via SSO
files are created under ~/.aws/sso/cache/ containing SSO credentials
there is no ~/.aws/credentials file
there are no AWS_ACCESS_KEY_ID/AWS_SECRET_ACCESS_KEY env vars
subsequent aws ... commands make use of the SSO credentials to authenticate

We’ve written an SSO credentials provider that gets handed off to datomic.client.api/client to allow authentication when testing things as a developer (not used by the actual deployed apps), but it looks like the datomic etc CLI tools don’t know how to interact with the SSO credential system? At current attempting to run a CLI command results in:

$ datomic cloud list-systems -p sudo
WARNING: When invoking clojure.main, use -M
Execution error (ExceptionInfo) at datomic.tools.ops.aws/invoke! (aws.clj:83).
AWS Error: Unable to fetch credentials. See log for more details.

The log in question just contains a larger stacktrace.

jaret · March 24, 2021, 3:55pm

Hi @DanM I’ve logged a story for us to investigate supporting SSO. We’ll update here with our findings.

Cheers,
Jaret

cch1 · June 30, 2022, 11:04pm

Can we get an update on the schedule for SSO support?

cch1 · October 6, 2022, 7:14pm

@jaret , can we get an update on the schedule for SSO support?

Topic		Replies	Views
Unable to connect to Datomic system through the bastion Troubleshooting	3	1309	March 17, 2020
DynamoDB, `datomic:ddb//` connect URI, and AWS STS roles - can we provide the token for a keypair? Datomic Pro	1	953	May 23, 2018
Minimum Required Permissions? Troubleshooting	5	1378	August 17, 2020
Datomic Cloud 569-8835 and CLI 0.9.33 Announcements	0	1202	December 3, 2019
Stuck with connecting to Datomic Ions during "Getting Started" Datomic Cloud	8	1673	January 14, 2019

Are there plans to make the datomic-cli work with AWS SSO?

Related topics