Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[cli] CDK_DEFAULT_ACCOUNT not set when using MFA and --profile specified #10048

Closed
unleashed-jamest opened this issue Aug 29, 2020 · 4 comments
Closed

[cli] CDK_DEFAULT_ACCOUNT not set when using MFA and --profile specified #10048

unleashed-jamest opened this issue Aug 29, 2020 · 4 comments
Labels
bug This issue is a bug. closed-for-staleness This issue was automatically closed because it hadn't received any attention in a while. effort/medium Medium work item – several days of effort p1 package/tools Related to AWS CDK Tools or CLI

Comments

@unleashed-jamest
Copy link

unleashed-jamest commented Aug 29, 2020
edited
Loading

It looks like #6510 has caused a regression when using profiles with MFA on the cli. It seems when --profile is specified and the profile contains an mfa_serial then --verbose shows a message saying Unable to determine the default AWS account after entering a valid MFA code. When synth runs the value of the CDK_DEFAULT_ACCOUNT environment variable is blank.

This is a breaking change for us. We were successfully using aws-mfa with profiles before 1.60.0 as a workaround to not having official mfa support. I have confirmed 1.59.0 does not have this issue. I couldn't quite get aws-mfa to work with 1.60.0 either to see if I could still work around this, so probably can't take this version until this is resolved.

Reproduction Steps

Set up a profile in ~/.aws/credentials

[cool-guy]
role_arn = arn:aws:iam::987654321987:role/cool-role
source_profile = default
region = ap-southeast-2
output = json
mfa_serial = arn:aws:iam::123456789123:mfa/cool.user

Set up a minimal stack and at the beginning of the program try to load the default account and error out if it's not present.

sealed class Program
{
    public static void Main(string[] args)
    {
        var app = new App();
        var accountId = System.Environment.GetEnvironmentVariable("CDK_DEFAULT_ACCOUNT");
        if(string.IsNullOrEmpty(accountId))
            throw new ArgumentNullException("CDK_DEFAULT_ACCOUNT");
        
        var region = System.Environment.GetEnvironmentVariable("CDK_DEFAULT_REGION");
        if(string.IsNullOrEmpty(accountId))
            throw new ArgumentNullException("CDK_DEFAULT_REGION");
        
        new MyCoolStack(app, "MyCoolStack", new MyCoolStackProps
        {
            Env = new Environment
            {
                Account = accountId,
                Region = region
            }
        });
        app.Synth();
    }
}

Run cdk synth --profile cool-guy

What did you expect to happen?

I expect given I'm invoking a cdk command with a --profile when I enter my MFA code it correctly sets the value of CDK_DEFAULT_ACCOUNT

What actually happened?

--verbose shows an error message Unable to determine the default AWS account and the value of the environment variable CDK_DEFAULT_ACCOUNT is empty when my cdk code is executing.

Environment

  • cdk version:1.60.0
  • node version: 10.15.0
  • Windows 10
  • C# 7.3 / netcoreapp3.1

This is 🐛 Bug Report
@unleashed-jamest unleashed-jamest added bug This issue is a bug. needs-triage This issue or PR still needs to be triaged. labels Aug 29, 2020
@github-actions github-actions bot added the package/tools Related to AWS CDK Tools or CLI label Aug 29, 2020
@shivlaks shivlaks added p1 effort/medium Medium work item – several days of effort labels Aug 31, 2020
@OxfordGrid
Copy link

Hey guys, is there an update to this bug? As it stops me from using the latest versions.

@SomayaB SomayaB removed the needs-triage This issue or PR still needs to be triaged. label Nov 6, 2020
@NGL321 NGL321 assigned rix0rrr and unassigned shivlaks Jan 25, 2021
@alexandervandekleutab
Copy link

I'm still encountering this issue.

@github-actions
Copy link

This issue has not received any attention in 1 year. If you want to keep this issue open, please leave a comment below and auto-close will be canceled.

@github-actions github-actions bot added closing-soon This issue will automatically close in 4 days unless further comments are made. closed-for-staleness This issue was automatically closed because it hadn't received any attention in a while. and removed closing-soon This issue will automatically close in 4 days unless further comments are made. labels Jun 28, 2022
@github-actions github-actions bot closed this as completed Jul 4, 2022
@badmintoncryer
Copy link
Contributor

Please try

set AWS_DEFAULT_PROFILE=profile_a
cdk deploy

instead of

cdk deploy --profile=profile_a

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug This issue is a bug. closed-for-staleness This issue was automatically closed because it hadn't received any attention in a while. effort/medium Medium work item – several days of effort p1 package/tools Related to AWS CDK Tools or CLI
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
7 participants
@rix0rrr @OxfordGrid @SomayaB @shivlaks @unleashed-jamest @badmintoncryer @alexandervandekleutab