iann0036/cloud9-sync

AssumedRole not working

Closed this issue · 4 comments

ERR Cannot read property 'AssumeRoleResult' of undefined: TypeError: Cannot read property 'AssumeRoleResult' of undefined

I receive that whenever the extension opens/refreshes.

We have our Cloud9 environment launch from Account A but the EC2 instances are in Account B. IAM creds are coming from Account A and I'm getting the above error with Access denied. As the URLs have potentially sensitive information, I would rather not provide them here. While we've got some pretty rough security policies tied to users with IAM programmatic keys, I really just want to ensure that I have the general configuration correct: should the IAM keys be coming from account A or B?

Hi John,

Your assumption is correct that only Account A requires the permissions. All communication with the extension is via the Cloud9 endpoints so it should not care or be aware if the EC2 instance is held in another account.

I haven't done extensive testing on the AssumedRole stuff, but it should just be calling an STS AssumeRole as per here. Can you see anything particularly interesting in the console (Help > Toggle Developer Tools > Console)? I left a log of the response in there so we should see the full result reasoning.

So I pulled the assume role out of my settings and can at least refresh and get the environment, but when I go to connect I receive

User: arn:aws:iam::<ACCOUNT>:user/john.bruett is not authorized to perform: cloud9:CreateEnvironmentToken on resource: <RESOURCE ID> with an explicit deny

So, I have the same issue here, but if I pull out the assume role, another error is prompted. I cannot visualize the environments at all:

Fields configured on 'settings.json', don't know if more fields are required:

"cloud9sync.accessKey"
"cloud9sync.secretKey"
"cloud9sync.region"
"cloud9sync.assumeRole"

Error with assume role:

[2019-06-03 10:22:43.632] [renderer1] [error] Cannot read property 'AssumeRoleResult' of undefined: TypeError: Cannot read property 'AssumeRoleResult' of undefined
  at D:\Profiles\userName\.vscode\extensions\iann0036.live-share-for-aws-cloud9-0.9.10\utils.js:79:65
  at Parser.<anonymous> (D:\Profiles\userName\.vscode\extensions\iann0036.live-share-for-aws-cloud9-0.9.10\node_modules\xml2js\lib\parser.js:303:18)
  at Parser.emit (events.js:182:13)
  at SAXParser.onclosetag (D:\Profiles\userName\.vscode\extensions\iann0036.live-share-for-aws-cloud9-0.9.10\node_modules\xml2js\lib\parser.js:261:26)
  at emit (D:\Profiles\userName\.vscode\extensions\iann0036.live-share-for-aws-cloud9-0.9.10\node_modules\sax\lib\sax.js:624:35)
  at emitNode (D:\Profiles\userName\.vscode\extensions\iann0036.live-share-for-aws-cloud9-0.9.10\node_modules\sax\lib\sax.js:629:5)
  at closeTag (D:\Profiles\userName\.vscode\extensions\iann0036.live-share-for-aws-cloud9-0.9.10\node_modules\sax\lib\sax.js:889:7)
  at SAXParser.write (D:\Profiles\userName\.vscode\extensions\iann0036.live-share-for-aws-cloud9-0.9.10\node_modules\sax\lib\sax.js:1436:13)
  at Parser.exports.Parser.Parser.parseString (D:\Profiles\userName\.vscode\extensions\iann0036.live-share-for-aws-cloud9-0.9.10\node_modules\xml2js\lib\parser.js:322:31)
  at Parser.bind [as parseString] (D:\Profiles\userName\.vscode\extensions\iann0036.live-share-for-aws-cloud9-0.9.10\node_modules\xml2js\lib\parser.js:5:59)
  at Object.exports.parseString (D:\Profiles\userName\.vscode\extensions\iann0036.live-share-for-aws-cloud9-0.9.10\node_modules\xml2js\lib\parser.js:354:19)
  at Request._callback (D:\Profiles\userName\.vscode\extensions\iann0036.live-share-for-aws-cloud9-0.9.10\utils.js:73:28)
  at Request.init.self.callback (D:\Profiles\userName\.vscode\extensions\iann0036.live-share-for-aws-cloud9-0.9.10\node_modules\request\request.js:185:22)
  at Request.emit (events.js:182:13)
  at Request.<anonymous> (D:\Profiles\userName\.vscode\extensions\iann0036.live-share-for-aws-cloud9-0.9.10\node_modules\request\request.js:1157:10)
  at Request.emit (events.js:182:13)
  at IncomingMessage.<anonymous> (D:\Profiles\userName\.vscode\extensions\iann0036.live-share-for-aws-cloud9-0.9.10\node_modules\request\request.js:1079:12)
  at Object.onceWrapper (events.js:273:13)
  at IncomingMessage.emit (events.js:187:15)
  at endReadableNT (_stream_readable.js:1090:12)
  at process._tickCallback (internal/process/next_tick.js:63:19)

Error without assume role:

[2019-06-03 10:27:19.864] [renderer1] [error] Cannot read property 'body' of undefined: TypeError: Cannot read property 'body' of undefined
  at Request._callback (D:\Profiles\userName\.vscode\extensions\iann0036.live-share-for-aws-cloud9-0.9.10\extension.js:917:59)
  at Request.init.self.callback (D:\Profiles\userName\.vscode\extensions\iann0036.live-share-for-aws-cloud9-0.9.10\node_modules\request\request.js:185:22)
  at Request.emit (events.js:182:13)
  at Request.onRequestError (D:\Profiles\userName\.vscode\extensions\iann0036.live-share-for-aws-cloud9-0.9.10\node_modules\request\request.js:877:8)
  at ClientRequest.emit (events.js:187:15)
  at TLSSocket.socketErrorListener (_http_client.js:382:9)
  at TLSSocket.emit (events.js:182:13)
  at emitErrorNT (internal/streams/destroy.js:82:8)
  at emitErrorAndCloseNT (internal/streams/destroy.js:50:3)
  at process._tickCallback (internal/process/next_tick.js:63:19)

I think this was an issue on my side and not using the correct role. I've since updated the role and not experienced the issue.
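
Added example, not part of the thread or of the extension's code: both stack traces above are reads of a nested property on an unchecked value, one inside the xml2js callback for the AssumeRole reply and one after a socket error, where no response object exists. The sketch below classifies those outcomes and builds a log line that leaves out the secret key and session token. It assumes xml2js default output and that a rejected call returns STS's `ErrorResponse` document; `interpretAssumeRole`, `describeForLog` and the sample objects are hypothetical names and constructed data.

```javascript
'use strict';

// xml2js (default options) wraps every child element in an array.
function first(node, key) {
  return node && Array.isArray(node[key]) ? node[key][0] : undefined;
}

function interpretAssumeRole(err, response, parsed) {
  // Socket/TLS failure: the callback gets an error and no response object.
  if (err || !response) {
    return { ok: false, kind: 'transport', message: err ? err.message : 'no response' };
  }
  // A rejected call has an <ErrorResponse> root, not <AssumeRoleResponse>.
  const stsError = first(parsed && parsed.ErrorResponse, 'Error');
  if (stsError) {
    return { ok: false, kind: 'sts', code: first(stsError, 'Code'),
             message: first(stsError, 'Message') };
  }
  const result = first(parsed && parsed.AssumeRoleResponse, 'AssumeRoleResult');
  const creds = first(result, 'Credentials');
  const fields = ['AccessKeyId', 'SecretAccessKey', 'SessionToken', 'Expiration'];
  if (!creds || fields.some((f) => typeof first(creds, f) !== 'string')) {
    return { ok: false, kind: 'malformed', message: 'HTTP ' + response.statusCode };
  }
  return { ok: true, kind: 'credentials', credentials: {
    accessKeyId: first(creds, 'AccessKeyId'),
    secretAccessKey: first(creds, 'SecretAccessKey'),
    sessionToken: first(creds, 'SessionToken'),
    expiration: first(creds, 'Expiration') } };
}

// Log line that never contains the secret key or session token.
function describeForLog(outcome) {
  if (outcome.ok) {
    return 'AssumeRole ok, key ' + outcome.credentials.accessKeyId +
           ', expires ' + outcome.credentials.expiration;
  }
  return 'AssumeRole failed (' + outcome.kind + '): ' +
         (outcome.code ? outcome.code + ': ' : '') + outcome.message;
}

// Constructed sample inputs in the shape xml2js produces.
const DENIED = { ErrorResponse: { Error: [{ Type: ['Sender'], Code: ['AccessDenied'],
  Message: ['constructed: not authorized to perform sts:AssumeRole'] }] } };
const GRANTED = { AssumeRoleResponse: { AssumeRoleResult: [{ Credentials: [{
  AccessKeyId: ['ASIAEXAMPLEKEYID0000'], SecretAccessKey: ['example-secret'],
  SessionToken: ['example-token'], Expiration: ['2019-06-03T11:22:43Z'] }] }] } };

console.log(describeForLog(interpretAssumeRole(null, { statusCode: 403 }, DENIED)));
console.log(describeForLog(interpretAssumeRole(null, { statusCode: 200 }, GRANTED)));
```

Logging the outcome summary instead of the raw response keeps temporary credentials out of the Developer Tools console when the call succeeds.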