When using the '--all-profiles' flag to automatically write all account/role combinations into the credentials file, there is a conflict issue when 2 accounts have the same role name and those roles don't have the permission 'iam:ListAccountAliases'.
Example:
Account1:
Role1
Role2
Account2:
Role1
Role2
Assuming Role2 is missing 'iam:ListAccountAliases', the code webssoauth.go will write down the profile as
org-Role2
org-Role2
So the credential file will only have the last account it processed and saved under "org-Role2", missing the creds for one of the accounts.
I would suggest using the account number as the prefix instead of the "org" prefix.
Eg:
123-Role2
234-Role2
This way both creds will exist instead of getting overwritten.
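The collision reported above, reproduced as an added example (not the project's own code from webssoauth.go). The `Role` type, `profileName`, `buildProfiles` and the aliases `acct1`/`acct2` are hypothetical; the sample data is constructed from the issue's Account1/Account2 example, with the credentials file modelled as a map keyed by profile name.

```go
package main

import "fmt"

// Role is one account/role combination (hypothetical type for this example).
type Role struct {
	AccountID string // AWS account number
	Alias     string // empty when iam:ListAccountAliases is denied
	Name      string // role name
}

// profileName builds "<prefix>-<role>", choosing a fallback when no alias is known.
func profileName(r Role, useAccountID bool) string {
	prefix := r.Alias
	if prefix == "" {
		prefix = "org" // fallback described in the issue
		if useAccountID {
			prefix = r.AccountID // fallback suggested in the issue
		}
	}
	return prefix + "-" + r.Name
}

// buildProfiles returns profile name -> account ID plus the names that were overwritten.
func buildProfiles(roles []Role, useAccountID bool) (map[string]string, []string) {
	profiles := map[string]string{}
	var overwritten []string
	for _, r := range roles {
		n := profileName(r, useAccountID)
		if prev, ok := profiles[n]; ok && prev != r.AccountID {
			overwritten = append(overwritten, n) // credentials for prev are lost
		}
		profiles[n] = r.AccountID
	}
	return profiles, overwritten
}

// sampleRoles is constructed input: Role2 cannot list account aliases.
var sampleRoles = []Role{
	{"123", "acct1", "Role1"},
	{"123", "", "Role2"},
	{"234", "acct2", "Role1"},
	{"234", "", "Role2"},
}

func main() {
	fmt.Println(buildProfiles(sampleRoles, false)) // "org" fallback: one profile lost
	fmt.Println(buildProfiles(sampleRoles, true))  // account-number fallback: none lost
}
```

Checking for an existing entry before writing a profile, as `buildProfiles` does, also lets a tool warn when a write would replace another account's credentials.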