Are there plans to make the datomic-cli work with AWS SSO?

We’re using AWS SSO to log in on the CLI, which means:

  • we run aws sso login [--profile read]
  • the command spawns a browser to log in via SSO
  • files are created under ~/.aws/sso/cache/ containing SSO credentials
  • there is no ~/.aws/credentials file
  • there are no AWS_ACCESS_KEY_ID/AWS_SECRET_ACCESS_KEY env vars
  • subsequent aws ... commands make use of the SSO credentials to authenticate

We’ve written an SSO credentials provider that gets handed off to datomic.client.api/client to allow authentication when testing things as a developer (not used by the actual deployed apps), but it looks like the datomic etc CLI tools don’t know how to interact with the SSO credential system? At present, attempting to run a CLI command results in:

$ datomic cloud list-systems -p sudo
WARNING: When invoking clojure.main, use -M
Execution error (ExceptionInfo) at datomic.tools.ops.aws/invoke! (aws.clj:83).
AWS Error: Unable to fetch credentials. See log for more details.

The log in question just contains a larger stacktrace.

Hi @DanM, I’ve logged a story for us to investigate supporting SSO. We’ll update here with our findings.

Cheers,
Jaret