We’re using AWS SSO to log in on the CLI, which means:
- we run
aws sso login [--profile read]
- the command spawns a browser to log in via SSO
- files are created under
~/.aws/sso/cache/containing SSO credentials
- there is no
- there are no
aws ...commands make use of the SSO credentials to authenticate
We’ve written an SSO credentials provider that gets handed off to
datomic.client.api/client to allow authentication when testing things as a developer (not used by the actual deployed apps), but it looks like the
datomic etc CLI tools don’t know how to interact with the SSO credential system? At current attempting to run a CLI command results in:
$ datomic cloud list-systems -p sudo WARNING: When invoking clojure.main, use -M Execution error (ExceptionInfo) at datomic.tools.ops.aws/invoke! (aws.clj:83). AWS Error: Unable to fetch credentials. See log for more details.
The log in question just contains a larger stacktrace.