Skip to content

Fix Invoke-AWSSSOLogin failure when default profile is configured for SSO login#419

Open
sankettangade wants to merge 1 commit into
developmentfrom
bug-fix/sso-cmdlets-not-reading-default-profile
Open

Fix Invoke-AWSSSOLogin failure when default profile is configured for SSO login#419
sankettangade wants to merge 1 commit into
developmentfrom
bug-fix/sso-cmdlets-not-reading-default-profile

Conversation

@sankettangade
Copy link
Copy Markdown
Contributor

@sankettangade sankettangade commented May 27, 2026
edited
Loading

Description

Fix Initialize-AWSSSOConfiguration -ProfileName default so it writes the profile under [default] section header in ~/.aws/config instead of the [profile default]. Every profile uses [profile <name>] except the default profile, which must be just [default].

Both AWS CLI and the existing AWSLoginProfileMethods in this project (used by Invoke-AWSLogin) already handle this edge case correctly.

Changes:

  • SSOProfileMethods.RegisterSsoProfileAndSession now writes [default] when the profile name is default
  • Cleanup: corrected error message at SSOCmdlets.cs:122 that referenced {ProfileName} in a branch where it was always null.

Motivation and Context

Testing

Tested locally on Windows and on a fresh EC2 Windows instance:

  1. Original repro: Initialize-AWSSSOConfiguration -ProfileName default followed by Invoke-AWSSSOLogin (no args). Verified the section is written as bare [default] and the no-args login succeeds.
  2. End-to-end credential resolution: Confirmed Get-S3Bucket works against the SSO-configured default profile.
  3. Pre-existing keys preservation: Pre-populated [default] with region and other keys; confirmed unrelated keys survive after running the init cmdlet (matches aws configure sso behavior).
  4. Non-default profile regression: -ProfileName myprofile still produces [profile myprofile] as before.

Dry-run

  • Dry-run ID: b4119f1b-f35a-4ac5-86ee-417e7173ad38
  • Status:
    • Pending
    • Completed successfully
    • Failed
  • Failed bypass reason:

Breaking Changes Assessment

No Breaking Changes

Screenshots (if appropriate)

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)

Checklist

We require a second engineer to validate the PR before merging

  • My code builds in Gamma and passes backward compatibility validation (required)
  • My code follows the code style of this project
  • My change requires a change to the documentation
  • I have updated the documentation accordingly
  • I have read the README document
  • I have added tests to cover my changes
  • All new and existing tests passed

New/existing dependencies impact assessment, if applicable

Note to reviewers: Please follow runbook to update the internal open source attribution tool

License

  • I confirm that this pull request can be released under the Apache 2 license

@sankettangade sankettangade requested review from a team as code owners May 27, 2026 17:10
@sankettangade sankettangade requested review from afroz429 and ashishdhingra and removed request for a team May 27, 2026 17:10
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ashishdhingra ashishdhingra ashishdhingra approved these changes

@afroz429 afroz429 Awaiting requested review from afroz429 afroz429 is a code owner automatically assigned from aws/aws-sdk-powershell-reviewers

At least 2 approving reviews are required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@sankettangade @ashishdhingra