Cross-Account ( profile ) Support

Question

Cross-Account ( profile ) Support

Closed this issue 7 years ago · 3 comments

I am trying to migrate an existing Angular-based Mobilehub project ( Project A ) generated by me, under my account, to a Mobilehub project ( Project B ) under an Assumed Role to a different account.

I am able to create the Mobilehub project under the Assumed Role by Importing the mobile-hub-project.yml of Project A. I now have the resources provisioned for Project B

I’m able to push the Project A code to Codecommit repository in Assumed Role account using git credential-helper invoking the --profile flag

!aws codecommit credential-helper --profile MyCrossAccountAccessProfile $@"

But the cli throws an error when I try to init the code to the project id of Project B

awsmobile init <project_b_id>

failed to link to backend awsmobile project with id = project_b_id

Should the awsmobile cli support the --profile flag, or am I doing something wrong?

Answer 1 · 2018-04-26T22:11:31.000Z

before you run awsmobile init, get out of any valid awsmobilejs project, and run
awsmobile configure aws --profile MyCrossAccountAccessProfile.
This sets the general aws access configuration for the awsmobile-cli, which will be used next time when you execute awsmobile init or awsmobile start.

then cd to your local project root folder, and execute:
awsmobile init <project_b_id>

Answer 2 · 2018-04-27T13:37:46.000Z

Ah! That makes way more sense that what I was trying to do. Thanks.

Answer 3 · 2018-05-02T14:16:55.000Z

I'm still not able to init the project.

I'm able to invoke AWS cli for mobile and see the projects listed in my other profile but I can't seem to init the backend.

$ aws mobile list-projects --profile MyCrossAccountAccessProfile
{
    "projects": [
        {
            "projectId": “<project_b_id>”, 
            "name": “PROJEC_NAME”
        }
    ]
}
 
$ awsmobile configure aws --profile MyCrossAccountAccessProfile

configure aws
Setting awsmobile-cli to use named profile: MyCrossAccountAccessProfile

Done

$ awsmobile init <project_b_id>

this project's backend is currently set to be <project_a>
with mobile project id = <project_a_id>
and was initialized at 2018-05-01-17-46-04
? switch backend to awsmobile project with id = project_b_id Yes
init will now try to switch to the newly specified backend

failed to link to backend awsmobile project with id = <project_b_id>
{ NotFoundException: No such project exists : <project_b_id>
   .
   .
  message: 'No such project exists : <project_b_id>',
  code: 'NotFoundException',
 }

I also tried

$ export AWS_PROFILE=MyCrossAccountAccessProfile

per the AWS CLI docs but no luck.

my ~/.aws/config

[default]
region = us-east-1
output = json

[profile MyCrossAccountAccessProfile]
role_arn = arn:aws:iam::*****************:role/MyCrossAccountAccessProfile
region = us-east-1
source_profile = default

and ~/.aws/credentials

[default]
aws_access_key_id = MYACCESSKEYID
aws_secret_access_key = mysecretaccesskey

[MyCrossAccountAccessProfile]
aws_access_key_id = MYACCESSKEYID
aws_secret_access_key = mysecretaccesskey