aws iotsecuretunneling close-tunnel

Question

I have done the following:

aws configure sso (allowed device)
aws iotsecuretunneling open-tunnel ....

Retrieved the tunnelId from the above command.

Tried:
aws iotsecuretunneling close-tunnel --tunnel-id xxxx-xxxx-xxx

But I am getting: "Unable to locate credentials. You can configure credentials by running "aws configure"."

I want to add the close-tunnel to my script just incase it ends before my tunnel session expires, since when I start a new one, the localproxy command still uses the old/closed one.

Answer

Hello,

The error indicates missing credentials in the system.

As you’re trying to invoke the AWS CLI command from the script you will need to configure the AWS credentials on the device.

You can use the AWS user credentials by executing the ```aws configure``` CLI command and entering the credentials.

However, a better security practice will be to configure the CLI to use an IAM role directly[1].

It appears you’re already configuring the AWS CLI to use single-sign-on (SSO) and appears you are getting the credentials from that specific call only, in which case you can use the SSO profile [2] to crate the credentials (Note this involves some manual interaction).

References:

[1] https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-role.html

[2] https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-sso.html

aws iotsecuretunneling close-tunnel

Relevant questions

AWS SSO on Amazon Linux

Is there a practical way to list all groups from AWS SSO?

Unable to register a Grafana new Workspace. Network Failure trying to setup AWS SSO as authentication method.

aws iotsecuretunneling close-tunnel

ELI5: AWS CLI and SSO

AWS SSO with Amazon Managed Grafana not working (redirection to NULL)

AWS SSO Issue with Office 365

Forbbiden 403 access denied with AWS SSO SAML application from Gitlab integration

AWS SSO EC2 RDP

AWS SSO Google Workspace IDP SCIM