(InvalidClientTokenId) when calling the GetAccountAuthorizationDetails operation about cloudsplaining HOT 5 CLOSED

@kmcquade Hi, I tried as you said and first saving the output of aws iam get-account-authorization-details --profile audit to a JSON file. Then using Cloudsplaining to check the json file and it works. Thanks a lot!

from cloudsplaining.

@kmcquade hi，could you help me to find out the problem？Thanks a lot!

from cloudsplaining.

yeah I can almost guarantee it's the AWS region being AWS china. IIRC it's hardcoded to be AWS in some cases.

I don't have capacity to make any fix like this, as I'm tied up with my startup. If you or anyone else wants to take this on and make a pull request with a fix, and it passes the unit tests, I can go ahead and approve/merge. Note that this would probably be a good opportunity to ensure compatibility with partitions other than aws or aws-cn like GovCloud or whatever the CIA abbreviation one is.

from cloudsplaining.

You could try saving the output of aws iam get-account-authorization-details --profile audit to a JSON file and then pumping that into Cloudsplaining - that might work. The cloudsplaining download command is just a simple wrapper for aws iam get-account-authorization-details so at least the input would work.

If that fails, and you don't want to make a PR for the tool, you could do another ugly workaround where you replace all instances of arn:aws-cn with arn:aws in the JSON output. Cloudsplaining would definitely accept that.

Sorry I can't be of more help. I just have other commitments that prevent me from being involved with the project at this point.

from cloudsplaining.

@kmcquade Thanks for your response. I'll try as you said and reply if I have any results.

from cloudsplaining.