Amplify CLI does work with AWS SSO credentials

[zhiweil]

Describe the bug
The amplify CLI does not work with the AWS profile generated by AWS Single Sign On. I received a error saying "Could not initialize 'some-amplify-env': Missing credentials in config, if using AWS_CONFIG_FILE, set AWS_SDK_LOAD_CONFIG=1"

The Amplify CLI version is: 4.41.0
NodeJS version is: 15.5.1

To Reproduce
I'm setting up a laptop to work with an existing Amplify environment. AWS profile is created in by AWS single sign on.

1. After running "aws configure sso" a profile is created in $HOME/.aws/config as shown below; there is no "credentials" file within the $HOME/.aws folder.

[profile zhiwei-dev]
sso_start_url = https://xxxxxxxxx.awsapps.com/start
sso_region = xxxxx
sso_account_id = 11111111111111
sso_role_name = SomeAWSRole
region = xxxx
output = json

2. Run "aws sso login --profile zhiwei-dev" and test the new credential by CLI "aws s3 ls --profile zhiwei-dev". The call succeeds.

3. Clone an existing CodeCommit GIT repo by the following command and it succeeds.

git clone codecommit://zhiwei-dev@some-project

4. I got an error when running "amplify init":

developer-vm$ amplify init
Note: It is recommended to run this command from the root of your app directory
? Do you want to use an existing environment? Yes
? Choose the environment you would like to use: zhiweidev
Using default provider  awscloudformation
⠦ Initializing your environment: zhiweidevCould not initialize 'zhiweidev': Missing credentials in config, if using AWS_CONFIG_FILE, set AWS_SDK_LOAD_CONFIG=1

4. I tried to set AWS_SDK_LOAD_CONFIG and I got similar errors, the AWS SDK always complaints about unable to find the credentials file. Also tried "amplify pull --appId xxxx --envName xxxx --profile zhiwei-dev" and got exactly the same error.

Expected behavior
I expect Amplify CLI would work with credentials generated by AWS SSO as this is a fairly common practice under a multi-account environment.

[edwardfoyle]

Hi @zhiweil Did you run aws sso login --profile zhiwei-dev as described here to get temporary credentials?

[zhiweil]

Hi @zhiweil Did you run aws sso login --profile zhiwei-dev as described here to get temporary credentials?

Yes, I did, the SSO credentials work perfectly with AWS CLI such as "aws s3 ls --profile zhiwei-dev"

[edwardfoyle]

@zhiweil can you check if you have credentials for that profile listed in ~/.aws/credentials (or wherever you have the aws cli setup to save credentials, but that's the default location)

[edwardfoyle]

Closing this as a dupe of #4488. We don't support this out of the box currently but you can check the thread in that issue for a workaround that may work for you.

[github-actions]

This issue has been automatically locked since there hasn't been any recent activity after it was closed. Please open a new issue for related bugs.

Looking for a help forum? We recommend joining the Amplify Community Discord server *-help channels for those types of questions.