-
Notifications
You must be signed in to change notification settings - Fork 9.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Bug]: Wrong URL for SSO in us-east-1 if use_fips is true #33952
Comments
Community NoteVoting for Prioritization
Volunteering to Work on This Issue
|
I should also point out that this wasn't broken in 4.53. So this is a regression. |
For implementor: The AWS FIPS documentation suggests that there is no override for the SSO endpoint with FIPS. However, the default resolver may not be returning the correct endpoint Short-term fix:
Longer-term fix:
|
@tmccombs was this a regression, or is this your first time using SSO with FIPS in the AWS partition? |
This is a regression. It was working with the When upgrading to 5.x I started getting errors. |
Related: aws/aws-sdk-go-v2#2686 |
Terraform Core Version
1.5.0
AWS Provider Version
5.21.0
Affected Resource(s)
Problem with configuring the provider for authentication with SSO
Expected Behavior
Terraform should be able to refresh the token when using a profile that uses AWS SSO.
Actual Behavior
Error when refreshing the token which results in not being able to run the specified action.
Relevant Error/Panic Output Snippet
No response
Terraform Configuration Files
Steps to Reproduce
Run a plan, apply, refresh etc. with config like above, using an AWS profile that uses AWS IAM Identity Center (previously SSO)
Debug Output
Panic Output
No response
Important Factoids
If
use_fips
is false, then it works fine.References
This is basically the same as #29350 but, while GovCloud regions have been fixed, it seems the issue is still there for the us-east-1 region (and possibly other regions?)
My guess is that it is likely also due to incorrect urls in the upstream aws sdk library.
Would you like to implement a fix?
None
The text was updated successfully, but these errors were encountered: