Did you forget the -r
when cloning a git repo with submodules? The command you’re looking for is git submodule update --init
Category: Gotchas
The other AWS IAM SSO problem
The other thing you’ll run into using IAM users in AWS CLI is that a lot of things don’t support SSO sessions anyway. If you configure an IAM user with an SSO session name as recommended you’ll get errors like this:
$ eb init -p python-3.8 eb-flask-app ERROR: InvalidConfigError - The profile "default" is configured to use SSO but is missing required configuration: sso_start_url, sso_region
and this:
$ terraform apply | Error: configuring Terraform AWS Provider: loading configuration: profile "default" is configured to use SSO but is missing required configuration: sso_region, sso_start_url
You can fix these by configuring without an SSO session:
$ aws configure sso SSO session name (Recommended): WARNING: Configuring using legacy format (e.g. without an SSO session). Consider re-running "configure sso" command and providing a session name. SSO start URL [None]: https://whatever.awsapps.com/start SSO region [None]: us-east-1 ...
You can also fix them by just editing your ~/.aws/config
, and copying the sso_start_url
and sso_region
keys from the [sso-session ...]
section into the relevant user’s section, but that might be a hack too far!
Using AWS CLI with IAM users
When you configure AWS CLI to use an IAM user, the first thing it asks for is an SSO session name. Don’t put whitespace or punctuation in it. The command doesn’t tell you this, but it’s going to use what you enter as an identifier, and fail with a cryptic error:
$ aws configure sso SSO session name (Recommended): AWS CLI on Gary's Chromebook SSO start URL [None]: https://whatever.awsapps.com/start SSO region [None]: us-east-1 SSO registration scopes [sso:account:access]: An error occurred (InvalidClientMetadataException) when calling the RegisterClient operation:
You need to put something like “gbenson” in there.