Replies: 2 comments
-
Hmmm, I'm not sure. I just repeated your steps using the built-in aws sso auth flow directly and it worked for me using the sso profile by name just like you did. Can you check to see if you have any AWS environment variables set that might be overriding the profile specification (although if this is the case I would think that the get-caller-identity wouldn't work either)? Can you also run it a few times and see if you always get the 403, or maybe some other errors? Also, can you look to see if there are any different ones in |
-
Thank you for responding to me on this issue, |
-
I am trying to use an SSO user to perform the all-checks command. Before I use cloudfox, I run the aws sso login --profile test command. This performs the required 2FA.
Then I run the
aws --profile test sts get-caller-identity
command and this returns the valid data. I then run the
./cloudfox aws --profile test all-checks
command but I get the following error:
[🦊 cloudfox 🦊 ] Could not get caller's identity
Error: operation error STS: GetCallerIdentity, https response error StatusCode: 403, RequestID: 1b794c04-acf7-48a9-92ee-b227d3e8c48e, api error InvalidClientTokenId: The security token included in the request is invalid.
2022/09/28 16:05:23 Could not get caller's identity: operation error STS: GetCallerIdentity, https response error StatusCode: 403, RequestID: 1b794c04-acf7-48a9-92ee-b227d3e8c48e, api error InvalidClientTokenId: The security token included in the request is invalid.
Am I missing something?
Thank you,
Rick