Comments (14)
There was a similar issue #25. Launching the IDE from the CLI should help. If not, please share the relevant stacktrace from idea.log.
from intellij-dynamodb.
Works when launching from the CLI but do I have to change my workflow just for the plugin? All else works fine, even Big Data Tools can connect to AWS using a similar connection configuration. Would love for this to be seamless so I can roll out paid licenses to my team. Thoughts?
from intellij-dynamodb.
Can you share the relevant stacktrace from idea.log (Help > Show Log in Finder ) and what credential_process
is used for auth? I'll try to fix this.
from intellij-dynamodb.
I see the log but lots of noise in here. What kind of text am I looking for to share?
from intellij-dynamodb.
java.lang.IllegalStateException: Failed to refresh process-based credentials.
at software.amazon.awssdk.auth.credentials.ProcessCredentialsProvider.refreshCredentials(ProcessCredentialsProvider.java:139)
at software.amazon.awssdk.utils.cache.CachedSupplier.lambda$jitteredPrefetchValueSupplier$3(CachedSupplier.java:283)
at software.amazon.awssdk.utils.cache.CachedSupplier$PrefetchStrategy.fetch(CachedSupplier.java:419)
at software.amazon.awssdk.utils.cache.CachedSupplier.refreshCache(CachedSupplier.java:198)
at software.amazon.awssdk.utils.cache.CachedSupplier.get(CachedSupplier.java:127)
at software.amazon.awssdk.auth.credentials.ProcessCredentialsProvider.resolveCredentials(ProcessCredentialsProvider.java:121)
at software.amazon.awssdk.core.internal.util.MetricUtils.measureDuration(MetricUtils.java:50)
at software.amazon.awssdk.awscore.internal.authcontext.AwsCredentialsAuthorizationStrategy.resolveCredentials(AwsCredentialsAuthorizationStrategy.java:100)
at software.amazon.awssdk.awscore.internal.authcontext.AwsCredentialsAuthorizationStrategy.addCredentialsToExecutionAttributes(AwsCredentialsAuthorizationStrategy.java:77)
at software.amazon.awssdk.awscore.internal.AwsExecutionContextBuilder.invokeInterceptorsAndCreateExecutionContext(AwsExecutionContextBuilder.java:120)
at software.amazon.awssdk.awscore.client.handler.AwsSyncClientHandler.invokeInterceptorsAndCreateExecutionContext(AwsSyncClientHandler.java:69)
at software.amazon.awssdk.core.internal.handler.BaseSyncClientHandler.lambda$execute$1(BaseSyncClientHandler.java:78)
at software.amazon.awssdk.core.internal.handler.BaseSyncClientHandler.measureApiCallSuccess(BaseSyncClientHandler.java:179)
at software.amazon.awssdk.core.internal.handler.BaseSyncClientHandler.execute(BaseSyncClientHandler.java:76)
at software.amazon.awssdk.core.client.handler.SdkSyncClientHandler.execute(SdkSyncClientHandler.java:45)
at software.amazon.awssdk.awscore.client.handler.AwsSyncClientHandler.execute(AwsSyncClientHandler.java:56)
at software.amazon.awssdk.services.sts.DefaultStsClient.assumeRole(DefaultStsClient.java:269)
at software.amazon.awssdk.services.sts.auth.StsAssumeRoleCredentialsProvider.getUpdatedCredentials(StsAssumeRoleCredentialsProvider.java:71)
at software.amazon.awssdk.services.sts.auth.StsCredentialsProvider.updateSessionCredentials(StsCredentialsProvider.java:88)
at software.amazon.awssdk.utils.cache.CachedSupplier.lambda$jitteredPrefetchValueSupplier$3(CachedSupplier.java:283)
at software.amazon.awssdk.utils.cache.CachedSupplier$PrefetchStrategy.fetch(CachedSupplier.java:419)
at software.amazon.awssdk.utils.cache.CachedSupplier.refreshCache(CachedSupplier.java:198)
at software.amazon.awssdk.utils.cache.CachedSupplier.get(CachedSupplier.java:127)
at software.amazon.awssdk.services.sts.auth.StsCredentialsProvider.resolveCredentials(StsCredentialsProvider.java:99)
at software.amazon.awssdk.services.sts.auth.StsAssumeRoleCredentialsProvider.resolveCredentials(StsAssumeRoleCredentialsProvider.java:43)
at org.dynamodb4idea.c$a.resolveCredentials(SourceFile:110)
at org.dynamodb4idea.a.resolveCredentials(SourceFile:117)
at software.amazon.awssdk.core.internal.util.MetricUtils.measureDuration(MetricUtils.java:50)
at software.amazon.awssdk.awscore.internal.authcontext.AwsCredentialsAuthorizationStrategy.resolveCredentials(AwsCredentialsAuthorizationStrategy.java:100)
at software.amazon.awssdk.awscore.internal.authcontext.AwsCredentialsAuthorizationStrategy.addCredentialsToExecutionAttributes(AwsCredentialsAuthorizationStrategy.java:77)
at software.amazon.awssdk.awscore.internal.AwsExecutionContextBuilder.invokeInterceptorsAndCreateExecutionContext(AwsExecutionContextBuilder.java:120)
at software.amazon.awssdk.awscore.client.handler.AwsSyncClientHandler.invokeInterceptorsAndCreateExecutionContext(AwsSyncClientHandler.java:69)
at software.amazon.awssdk.core.internal.handler.BaseSyncClientHandler.lambda$execute$1(BaseSyncClientHandler.java:78)
at software.amazon.awssdk.core.internal.handler.BaseSyncClientHandler.measureApiCallSuccess(BaseSyncClientHandler.java:179)
at software.amazon.awssdk.core.internal.handler.BaseSyncClientHandler.execute(BaseSyncClientHandler.java:76)
at software.amazon.awssdk.core.client.handler.SdkSyncClientHandler.execute(SdkSyncClientHandler.java:45)
at software.amazon.awssdk.awscore.client.handler.AwsSyncClientHandler.execute(AwsSyncClientHandler.java:56)
at software.amazon.awssdk.services.dynamodb.a.listTables(SourceFile:5145)
at software.amazon.awssdk.services.dynamodb.DynamoDbClient.listTables(DynamoDbClient.java:5787)
at org.dynamodb4idea.lH$g.a(SourceFile:143)
at org.dynamodb4idea.lH$g.invoke(SourceFile:146)
at org.dynamodb4idea.p.a(SourceFile:24)
at org.dynamodb4idea.p.b(SourceFile:49)
at org.dynamodb4idea.q$a.run(SourceFile:27)
at com.intellij.openapi.progress.impl.CoreProgressManager.startTask(CoreProgressManager.java:429)
at com.intellij.openapi.progress.impl.ProgressManagerImpl.startTask(ProgressManagerImpl.java:114)
at com.intellij.openapi.progress.impl.CoreProgressManager.lambda$runProcessWithProgressAsynchronously$6(CoreProgressManager.java:480)
at com.intellij.openapi.progress.impl.ProgressRunner.lambda$submit$3(ProgressRunner.java:252)
at com.intellij.openapi.progress.impl.CoreProgressManager.lambda$runProcess$2(CoreProgressManager.java:186)
at com.intellij.openapi.progress.impl.CoreProgressManager.lambda$executeProcessUnderProgress$13(CoreProgressManager.java:604)
at com.intellij.openapi.progress.impl.CoreProgressManager.registerIndicatorAndRun(CoreProgressManager.java:679)
at com.intellij.openapi.progress.impl.CoreProgressManager.computeUnderProgress(CoreProgressManager.java:635)
at com.intellij.openapi.progress.impl.CoreProgressManager.executeProcessUnderProgress(CoreProgressManager.java:603)
at com.intellij.openapi.progress.impl.ProgressManagerImpl.executeProcessUnderProgress(ProgressManagerImpl.java:60)
at com.intellij.openapi.progress.impl.CoreProgressManager.runProcess(CoreProgressManager.java:173)
at com.intellij.openapi.progress.impl.ProgressRunner.lambda$submit$4(ProgressRunner.java:252)
at java.base/java.util.concurrent.CompletableFuture$AsyncSupply.run(CompletableFuture.java:1768)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
at java.base/java.util.concurrent.Executors$PrivilegedThreadFactory$1$1.run(Executors.java:702)
at java.base/java.util.concurrent.Executors$PrivilegedThreadFactory$1$1.run(Executors.java:699)
at java.base/java.security.AccessController.doPrivileged(AccessController.java:399)
at java.base/java.util.concurrent.Executors$PrivilegedThreadFactory$1.run(Executors.java:699)
at java.base/java.lang.Thread.run(Thread.java:833)
Caused by: java.lang.IllegalStateException: Command returned non-zero exit value (127) with error message: sh: saml2aws: command not found
at software.amazon.awssdk.auth.credentials.ProcessCredentialsProvider.executeCommand(ProcessCredentialsProvider.java:215)
at software.amazon.awssdk.auth.credentials.ProcessCredentialsProvider.refreshCredentials(ProcessCredentialsProvider.java:126)
... 63 more
from intellij-dynamodb.
Additionally, when launched from the CLI, the connection seems to inspect DynamoDB resources just fine but when I try a query I see the following:
AccessDeniedException
User: arn:aws:sts::<<account number>>:assumed-role/<<role name>>/aws-sdk-java-1680121851194 is not authorized to perform: dynamodb:Query on resource: arn:aws:dynamodb:us-east-1:<<account number>>:table/<<table name>> because no identity-based policy allows the dynamodb:Query action
My role certainly does not contain the aws-sdk-java-1680121851194
text in the arn path. Is that normal?
The text up until that point properly reflects the role though:
arn:aws:sts::<<account number>>:assumed-role/<<role name>>
from intellij-dynamodb.
Thanks for the info, I will look into it.
from intellij-dynamodb.
Much appreciated.
from intellij-dynamodb.
Curious when you think you'll get to looking into this. It's an unfortunate full blocker at the moment.
from intellij-dynamodb.
I'm going to release a fix next week.
from intellij-dynamodb.
Excellent. Looking forward to it.
from intellij-dynamodb.
This bug is fixed now, please update to 2023.1.1.
Regarding the AccessDeniedException
error, aws-sdk-java-1680121851194
is the name of the temporary session which is added by AWS SDK if it is not already present. It shouldn't be a problem as long as the role has the correct permissions and there is no condition for sts:RoleSessionName
.
Can you check with AWS CLI if you can run the same query?
from intellij-dynamodb.
I no longer see the java.lang.IllegalStateException: Failed to refresh process-based credentials
error but still see the AccessDeniedException
. Same from the CLI. Do you know what permission is required so I can chat with security?
from intellij-dynamodb.
Thanks for confirming that the error is gone.
You can use AmazonDynamoDBFullAccess
policy or set up policy for the specific table.
For reading data you need dynamodb:ListTables
, dynamodb:DescribeTable
, dynamodb:Query
, dynamodb:Scan
and dynamodb:ExecuteStatement
(for PartiQL) permissions. For managing data you also need dynamodb:UpdateItem
, dynamodb:PutItem
, dynamodb:DeleteItem
and dynamodb:BatchWriteItem
permissions.
You can find more details here: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_examples_dynamodb_specific-table.html
from intellij-dynamodb.
Related Issues (20)
- DynamoDB Scan Request Doesn't Work As Expected HOT 2
- [Suggestion] Make double-clicking on the row ID a shortcut to opening the edit window HOT 2
- [Suggestion] Dragging columns should be preserved if you refresh query HOT 2
- Expanding edit window doesn't expand textarea HOT 2
- Login does not support AWS temporary credentals HOT 3
- problems for export data HOT 2
- Dynamodb local cconnection fails HOT 1
- Deleting table does not refresh display HOT 1
- Sort results within ddb window HOT 1
- csv export not exporting column headers HOT 1
- New Sort feature not working properly with primary keys HOT 1
- Table names with a dot are truncated in editor tabs HOT 1
- Fetching tables list takes too long HOT 3
- Tables list search and filtering HOT 1
- Table Name Exclude Pattern HOT 1
- Quick Search in the Table Browser HOT 1
- Automatically add closing quota in Query in Data Browser HOT 1
- Plugin makes it nearly impossible to work with projects that have multiple similar named files. HOT 1
- begins_with query condition no longer allowed HOT 1
- Multiple windows, not modal HOT 6
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from intellij-dynamodb.