Unable to get aws account id with sso session #959

Closed
jamesongithub opened this issue Jul 5, 2023 · 4 comments
Labels
awaiting-feedback Blocked on input from the author kind/bug Some behavior is incorrect or out of spec

Comments

@jamesongithub

jamesongithub commented Jul 5, 2023

What happened?

Diagnostics:
  aws-native:lambda:Url (functionUrl):
    error: could not get AWS account ID: operation error STS: GetCallerIdentity, failed to sign request: failed to retrieve credentials: failed to refresh cached credentials, the SSO session has expired or is invalid: open C:\Users\sendj\.aws\sso\cache\6ec8cfb33d9cddeabc64d836967e069238df25ff.json: The system cannot find the file specified.

Expected Behavior

expect to be able to create the resource

Steps to reproduce

pulumi.yaml

config:
  aws:region: us-west-2
  aws-native:region: us-west-2

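main.py

import pulumi
import pulumi_aws as aws
import pulumi_aws_native as aws_native

# `role` is an IAM role defined elsewhere in the program (not shown in the issue).
function = aws.lambda_.Function("function",
    runtime="python3.9",
    handler="handler.handler",
    role=role.arn,
    code=pulumi.FileArchive("./function"))

# Function URL created through the aws-native provider; this is the resource that fails.
lambda_url = aws_native.lambda_.Url('functionUrl',
    target_function_arn=function.arn,
    auth_type="NONE",  # no IAM authentication on the function URL
    cors=aws_native.lambda_.UrlCorsArgs(
        allow_methods=["GET", "POST"],
        allow_origins=["*"],
    ),
)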

handler.py

from datetime import datetime

def handler(event, context):
    return {
        'statusCode': 200,
        'body': datetime.now().isoformat()
    }

.aws/config

[default]
sso_session = cli
sso_account_id = REDACT
sso_role_name = AdministratorAccess
region = us-west-2
output = yaml
sso_start_url = https://REDACT.awsapps.com/start
sso_region = us-west-2


[sso-session cli]
sso_start_url = https://REDACT.awsapps.com/start
sso_region = us-west-2
sso_registration_scopes = sso:account:access

Output of pulumi about

CLI                  
Version      3.74.0  
Go Version   go1.20.5
Go Compiler  gc      

Plugins
NAME            VERSION
aws             5.41.0 
aws-apigateway  1.0.1  
aws-native      0.67.0 
awsx            1.0.2
docker          3.6.1
python          unknown

Host     
OS       Microsoft Windows 10 Pro
Version  10.0.19045 Build 19045
Arch     x86_64

This project is written in python: executable='C:\Python311\python.exe' version='3.11.0
'


Dependencies:
NAME                   VERSION
pip                    23.1.2
pulumi-aws-apigateway  1.0.1
pulumi-aws-native      0.67.0
pulumi-awsx            1.0.2
setuptools             68.0.0
wheel                  0.40.0

Additional context

cleaned out the cache and reauth'd session but still received the same result


@jamesongithub jamesongithub added kind/bug Some behavior is incorrect or out of spec needs-triage Needs attention from the triage team labels Jul 5, 2023
@danielrbradley
Member

Hi @jamesongithub thanks for writing this up.

We need to narrow down where the issue is coming from. This might be addressed by #957 - where we're upgrading the underlying library which parses this SSO config.

  • After authenticating, are you able to perform commands using the aws cli?
  • Does the AWS configuration work with the AWS classic provider?

@danielrbradley danielrbradley added awaiting-feedback Blocked on input from the author and removed needs-triage Needs attention from the triage team labels Jul 6, 2023
@jamesongithub
Author

> Hi @jamesongithub thanks for writing this up.
>
> We need to narrow down where the issue is coming from. This might be addressed by #957 - where we're upgrading the underlying library which parses this SSO config.

Yeah I saw that I had put sso_start_url and sso_region in the profile section to work around that. Curious if it will resolve this.

>   • After authenticating, are you able to perform commands using the aws cli?

Yes the aws cli works after authenticating.

Yes, in my stack I had both classic and native. The native resource failed, the classic ones seem to proceed but the entire stack was rolled back due to the aws account id issue. Seems to be looking for a nonexistent file in the cache.
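
A diagnostic for the missing cache file named in the error above, as an added example that is not part of the issue or the provider's code. It assumes the AWS CLI/SDK convention that a token cache file is named after the SHA-1 hex digest of either the sso-session name or the sso_start_url; the sample config values are constructed placeholders, and `cache_name`, `candidate_cache_files` and `report` are hypothetical helper names.

```python
import configparser
import hashlib
from pathlib import Path

# Constructed sample with the same shape as the config in the issue; values are placeholders.
SAMPLE_CONFIG = """\
[default]
sso_session = cli
sso_account_id = 111111111111
sso_role_name = AdministratorAccess
sso_start_url = https://example.awsapps.com/start
sso_region = us-west-2

[sso-session cli]
sso_start_url = https://example.awsapps.com/start
sso_region = us-west-2
"""


def cache_name(key):
    """File name for a token cache key: SHA-1 hex digest plus .json (assumed convention)."""
    return hashlib.sha1(key.encode("utf-8")).hexdigest() + ".json"


def candidate_cache_files(config_text, profile="default"):
    """Return {lookup style: file name} for each key the profile could resolve to."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(config_text)
    prof = cfg["default" if profile == "default" else f"profile {profile}"]
    names = {}
    if prof.get("sso_session"):
        names["sso-session name"] = cache_name(prof["sso_session"])
    if prof.get("sso_start_url"):
        names["legacy start URL"] = cache_name(prof["sso_start_url"])
    return names


def report(config_text, cache_dir, profile="default"):
    """Return {lookup style: (file name, exists in cache_dir)}."""
    cache = Path(cache_dir)
    return {style: (name, (cache / name).is_file())
            for style, name in candidate_cache_files(config_text, profile).items()}


if __name__ == "__main__":
    cache_dir = Path.home() / ".aws" / "sso" / "cache"
    for style, (name, present) in report(SAMPLE_CONFIG, cache_dir).items():
        print(f"{style:18} {name} {'found' if present else 'MISSING'}")
```

Run against the real config text, the row whose file name matches the one in the error message shows which key the failing client derived, and the `found` column shows which key the login step actually wrote.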

@danielrbradley
Member

The dependency upgrades have been released in 0.68.0. Please give that a go and see if that resolves your issue.

@jamesongithub
Author

seems to be working now!
