diff --git a/Project.toml b/Project.toml index 9a3165b287..e1748e2920 100644 --- a/Project.toml +++ b/Project.toml @@ -1,7 +1,7 @@ name = "AWS" uuid = "fbe9abb3-538b-5e4e-ba9e-bc94f4f92ebc" license = "MIT" -version = "1.87.0" +version = "1.87.1" [deps] Base64 = "2a0f44e3-6c83-55bd-87e4-b1978d98bd5f" diff --git a/src/AWSCredentials.jl b/src/AWSCredentials.jl index 4abc4e415e..a868f91140 100644 --- a/src/AWSCredentials.jl +++ b/src/AWSCredentials.jl @@ -462,6 +462,17 @@ function sso_credentials(profile=nothing) settings = _aws_profile_config(ini, p) isempty(settings) && return nothing + # AWS IAM Identity Center authentication is not yet supported in AWS.jl + sso_session = get(settings, "sso_session", nothing) + if !isnothing(sso_session) + error( + "IAM Identity Center authentication is not yet supported by AWS.jl. " * + "See https://github.com/JuliaCloud/AWS.jl/issues/628", + ) + end + + # Legacy SSO configuration + # https://docs.aws.amazon.com/cli/latest/userguide/sso-configure-profile-legacy.html#sso-configure-profile-manual sso_start_url = get(settings, "sso_start_url", nothing) if !isnothing(sso_start_url) diff --git a/test/AWSCredentials.jl b/test/AWSCredentials.jl index 926075db65..15d7f1f252 100644 --- a/test/AWSCredentials.jl +++ b/test/AWSCredentials.jl @@ -576,6 +576,29 @@ end end end + # TODO: Additional, precedence tests should be added for IAM Identity Center + # once support has been introduced. + @testset "IAM Identity Center preferred over legacy SSO" begin + write( + config_file, + """ + [sso-session my-sso] + sso_region = us-east-1 + sso_start_url = https://my-sso-portal.awsapps.com/start + + [default] + sso_session = my-sso + sso_start_url = https://my-legacy-sso-portal.awsapps.com/start + sso_role_name = role1 + """, + ) + isfile(creds_file) && rm(creds_file) + + apply(Patches.sso_service_patches("AKI_SSO", "SAK_SSO")) do + @test_throws ErrorException AWSCredentials() + end + end + @testset "SSO preferred over credentials file" begin write( config_file,