Questions tagged with Security


1 answer | 0 votes | 33 views | asked 2 months ago

[URGENT] AWS SSO Failing with botocore.exceptions.ClientError: An error occurred (InternalServerException) when calling the GetRoleCredentials operation (reached max retries: 4): internal error

Hello,

Starting in the last hour today, we cannot log in using SSO from external (standalone) applications; we have made no changes on our side. The AWS Management Console works; however, 3rd-party desktop applications are not working. This is an across-the-board issue. When I try to manually trigger SSO with a test program, I get the exception:

```
botocore.exceptions.ClientError: An error occurred (InternalServerException) when calling the GetRoleCredentials operation (reached max retries: 4): internal error
```

The sequence is based on the AWS examples available and is provided below; it worked perfectly until a few hours ago. Does anyone experience the same? What is the right channel to provide the information to AWS?

Regards,
Alon

---

```python
#!/usr/bin/env python3
import boto3.session
import time
import typing


def awssso(
    sso_start_url: str,
    sso_region: str,
    sso_account_id: str,
    sso_role_name: str,
    region: str,
    urlopenner: typing.Callable[[str], None] = lambda url: print(
        f"Please open URL: {url}"
    ),
) -> tuple[boto3.session.Session, time.struct_time]:
    # Unauthenticated session used only to reach the SSO OIDC and SSO portal APIs.
    session = boto3.session.Session()
    sso_oidc = session.client("sso-oidc", sso_region)

    # Register a public OIDC client for this application.
    client_creds = sso_oidc.register_client(
        clientName="myapp",
        clientType="public",
    )

    # Start the device authorization (device code) flow against the SSO start URL.
    device_authorization = sso_oidc.start_device_authorization(
        clientId=client_creds["clientId"],
        clientSecret=client_creds["clientSecret"],
        startUrl=sso_start_url,
    )
    urlopenner(device_authorization["verificationUriComplete"])

    # Poll for the token at the server-specified interval until the user
    # approves the request in the browser or the device code expires.
    for _ in range(
        device_authorization["expiresIn"] // device_authorization["interval"]
    ):
        time.sleep(device_authorization["interval"])
        try:
            token = sso_oidc.create_token(
                grantType="urn:ietf:params:oauth:grant-type:device_code",
                deviceCode=device_authorization["deviceCode"],
                clientId=client_creds["clientId"],
                clientSecret=client_creds["clientSecret"],
            )
            break
        except sso_oidc.exceptions.AuthorizationPendingException:
            pass
    else:
        raise RuntimeError("Timeout while waiting for authorization")

    # Exchange the SSO access token for temporary credentials of the chosen role.
    # This is the call that currently fails with InternalServerException.
    role_creds = session.client("sso", sso_region).get_role_credentials(
        roleName=sso_role_name,
        accountId=sso_account_id,
        accessToken=token["accessToken"],
    )["roleCredentials"]

    # "expiration" is epoch milliseconds; convert to a UTC struct_time.
    role_expiration = time.gmtime(role_creds["expiration"] / 1000)
    return (
        boto3.session.Session(
            region_name=region,
            aws_access_key_id=role_creds["accessKeyId"],
            aws_secret_access_key=role_creds["secretAccessKey"],
            aws_session_token=role_creds["sessionToken"],
        ),
        role_expiration,
    )


def test() -> None:
    session, ttl = awssso(
        sso_start_url="https://<snip>.awsapps.com/start",
        sso_region="us-east-1",
        sso_account_id="<snip>",
        sso_role_name="<snip>",
        region="us-east-1",
    )
    print(f"Identity: {session.client('sts').get_caller_identity()}")
    print(f"TTL: {ttl}")
    for b in session.resource("s3").buckets.all():
        print(b)


if __name__ == "__main__":
    test()
```