Trying to use Terragrunt (Terraform) with Okta

I'm trying to use Okta with Terragrunt, and I'm running into some problems assuming the role. My ~/.aws/config file:

aws_saml_url = home/amazon_aws/XXXXXXXXX/XXXXXXXXX

[profile assume-admin]
role_arn = arn:aws:iam::XXXXXXXXX:role/assumeAdmin
region = us-west-2

[profile dev]
source_profile = assume-admin
role_arn = arn:aws:iam::XXXXXXXXX:role/adminUser

Without Terragrunt, using only Terraform and Okta, I don't see any problems:

$ aws-okta exec dev -- bash
$ terraform plan
Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but will not be
persisted to local or remote state storage.

data.terraform_remote_state.bastion: Refreshing state...
data.terraform_remote_state.vpc: Refreshing state...
data.terraform_remote_state.bastion: Refreshing state...
data.terraform_remote_state.vpc: Refreshing state...
data.aws_caller_identity.current: Refreshing state...

SNIP

Plan: 0 to add, 2 to change, 0 to destroy.

Note: You didn't specify an "-out" parameter to save this plan, so Terraform
can't guarantee that exactly these actions will be performed if
"terraform apply" is subsequently run.

Now using Terragrunt:

terragrunt plan
[terragrunt] [/Users/user/dev/infrastructure/terraform/accounts/dev/us-west-2/dev/app] 2018/07/23 17:32:56 Running command: terraform --version
[terragrunt] 2018/07/23 17:32:56 Reading Terragrunt config file at /Users/user/dev/infrastructure/terraform/accounts/dev/us-west-2/dev/app/terraform.tfvars
[terragrunt] 2018/07/23 17:32:56 Backend s3 has not changed.
[terragrunt] 2018/07/23 17:32:56 Error initializing session: SharedConfigAssumeRoleError: failed to load assume role for arn:aws:iam::XXXXXXXXX:role/adminUser, source profile has no shared credentials
[terragrunt] 2018/07/23 17:32:56 Unable to determine underlying exit code, so Terragrunt will exit with error code 1

Thanks.

I was able to work around this by setting
AWS_CONFIG_FILE=/dev/null
after executing aws-okta exec takt dev -- bash, which loaded my AWS credentials/variables.

Using
AWS_PROFILE=PROFILE_NAME
or leaving the shell variables undefined with
unset AWS_*
returns the error above.

FYI: I'm running Terraform v0.11.7.
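
A pre-flight check for the failure discussed above, as an added example that is not part of the original question or answer: chain_end follows source_profile links in an AWS config file and reports the profile where the chain stops without static keys, and run_with_env_creds applies the answer's AWS_CONFIG_FILE=/dev/null workaround only when the shell already exports credentials. The function names, the "ci" profiles, the single-file lookup (the credentials file is not consulted) and the exported AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY variables are assumptions of this example.

```shell
# Added example; get_key, chain_end, run_with_env_creds and the "ci" profiles are illustrative.
get_key() {    # get_key FILE PROFILE KEY -> value of KEY in [profile PROFILE] or [PROFILE]
    awk -v want="$2" -v key="$3" '
        /^[ \t]*\[/ { name = $0
            gsub(/^[ \t]*\[(profile[ \t]+)?|\][ \t]*$/, "", name)
            in_section = (name == want); next }
        in_section && index($0, "=") {
            k = substr($0, 1, index($0, "=") - 1); gsub(/[ \t]/, "", k)
            v = substr($0, index($0, "=") + 1); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) { print v; exit }
        }' "$1"
}

# chain_end FILE PROFILE: follow source_profile links and print where the chain stops.
chain_end() {
    file=$1 current=$2 seen=" "
    while :; do
        case "$seen" in *" $current "*) echo "loop:$current"; return 1 ;; esac
        seen="$seen$current "
        [ -z "$(get_key "$file" "$current" aws_access_key_id)" ] ||
            { echo "static-keys:$current"; return 0; }
        next=$(get_key "$file" "$current" source_profile)
        [ -n "$next" ] || { echo "no-credentials:$current"; return 1; }
        current=$next
    done
}

# The answer's workaround: hide the shared config file, but only when the shell
# already exports credentials (assumed: the standard AWS_* key variables).
run_with_env_creds() {
    if [ -z "${AWS_ACCESS_KEY_ID:-}" ] || [ -z "${AWS_SECRET_ACCESS_KEY:-}" ]; then
        echo "no credentials exported in this shell" >&2; return 2
    fi
    AWS_CONFIG_FILE=/dev/null "$@"
}

write_sample_config() {   # constructed sample: the question's profiles plus a contrast pair
    cat > "$1" <<'EOF'
[profile assume-admin]
role_arn = arn:aws:iam::XXXXXXXXX:role/assumeAdmin
[profile dev]
source_profile = assume-admin
role_arn = arn:aws:iam::XXXXXXXXX:role/adminUser
[profile ci-base]
aws_access_key_id = EXAMPLEKEYID
[profile ci]
source_profile = ci-base
EOF
}

cfg=$(mktemp) && write_sample_config "$cfg"
chain_end "$cfg" dev || true    # prints no-credentials:assume-admin
rm -f "$cfg"
```

Inside a shell opened with aws-okta exec dev -- bash, the wrapper would be called as run_with_env_creds terragrunt plan.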