By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

AWS CLI: "Missing the following required SSO configuration values: sso_start_url, sso_region." when Using ASSUMED ROLE.

1

I am trying to use SSO on Windows and I am following the configuration instructions, as provided by AWS.

  1. I successfully completed the aws configure sso step, input all of the required information like start URL, region, etc. The browser opens and authentication completes.

  2. I execute the aws s3 ls --profile <profile-name> command and it lists all the buckets I can access.

  3. When I execute aws sso login --profile <assumed-role>, I get the message "Missing the following required SSO configuration values: sso_start_url, sso_region."

The message at step 3 is asking me to complete what I did in step 1, even though everything appears to have worked properly. I've deleted the AWS config file, removed and reinstalled AWSCLIv2, but no joy.

Note: The Assumed Role has been added to the config file, and the setting validated by a co-worker.

Any ideas? TIA.

Topics
Security, Identity, & ComplianceManagement & Governance
Tags
Security, Identity, & ComplianceAWS ConfigAWS Command Line Interface
Language
English
Q5-SE
asked 2 years ago22.3K views
2 Answers
1

Hello,

Your expectations are correct: once you configure AWS CLI v2 for Single Sign On (SSO), you should only need to run 'aws sso login'. That's because the previous step, 'aws configure sso', should've persisted the SSO configuration on user's ~/.aws/config by defining profile-specific sso_* parameters [1].

After you get authenticated on CLI, you are prompted to select the Account and also the Role (Permission Sets) you want to assume in the selected account. Once these selections are done, you will be prompted to create a profile with those details which are similar to the one below and then choose a name for the profile or select the default one.

[profile My-Acct-1] sso_start_url = https://ALIAS.awsapps.com/start/#/ sso_region = us-east-1 sso_account_id = 555555555555 sso_role_name = AWSPowerUserAccess region = us-east-1 output = json

Please ensure that the value for "sso_account_id" under the profile in the AWS config file is correctly populated.

To understand whats going on, we require details that are non-public information. Please open a support case with AWS using the following link: https://console.aws.amazon.com/support/home#/case/create

References

[1] https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-sso.html

AWS
SUPPORT ENGINEER
AWS-User-6158549
answered 2 years ago
0

I got this error from boto3 and it turned out I was running an old version (I was in a folder with an old Python venv).

Karl
answered 6 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content