amplify-cli: upgrade to 10.8.1 returning failed to get profile credentials

Hi @OperationalFallacy, sorry for late response. I am not able to reproduce the issue using latest Amplify CLI, can you provide more details about the issue you’re having?

1. which command is failing for you? can you provide the stack trace printed when you execute the command with --debug flag?
2. can you provide a set of steps to reproduce the issue in a newly created project?
3. can you share with us at amplify-cli@amazon.com your ~/.aws/config file, please remove any sensitive information
4. is your issue with selecting an AWS profile on amplify init or you’re experiencing issues with the Social Sign-in Auth flow as described here: https://docs.amplify.aws/lib/auth/social/q/platform/js/

Thank you

Here’s a full output on a freshly installed amplify package, new project.

amplify init
Note: It is recommended to run this command from the root of your app directory
? Enter a name for the project testapi
The following configuration will be applied:

Project information
| Name: testapi
| Environment: dev
| Default editor: Visual Studio Code
| App type: javascript
| Javascript framework: none
| Source Directory Path: src
| Distribution Directory Path: dist
| Build Command: npm run-script build
| Start Command: npm run-script start

? Initialize the project with the above configuration? No
? Enter a name for the environment dev
? Choose your default editor: Visual Studio Code
✔ Choose the type of app that you're building · javascript
Please tell us about your project
? What javascript framework are you using react
? Source Directory Path:  src
? Distribution Directory Path: build
? Build Command:  npm run-script build
? Start Command: npm run-script start
Using default provider  awscloudformation
? Select the authentication method you want to use: AWS profile

For more information on AWS Profiles, see:
https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-profiles.html

? Please choose the profile you want to use testprofile-sso-dev
🛑 Failed to get profile credentials
Cannot read properties of undefined (reading 'accessKeyId')

Learn more at: https://docs.amplify.aws/cli/project/troubleshooting/

Session Identifier: 83461e3a-9008-4ee5-92ae-8c376a5e103f

There is nothing special about profile, standard SSO

[profile testprofile-sso-dev]
sso_start_url = https://test.awsapps.com/start#/
sso_region = us-east-1
sso_account_id = xxx
sso_role_name = Developer
region = us-east-1
output = json

and its logged in and working properly, I’ve tried some simple operations like aws s3 ls

npx amplify --version
11.0.5

I’ve tried to use amplify first time and immediately ended up on this issue. Dear maintainers, this is the first thing customer sees when interacting with the library. I’m sorry to say this, but it’s pretty terrible experience.

Every other web library I’ve used had flawless initial auth flow (usually oauth2 with GitHub).

Hey @adcanis thanks for checking, and apologies for the experience. I was able to reproduce this by using the following steps:

1. from this doc, enable IAM identity center and create an org
2. add an account under “Multi-account permissions” > “AWS Accounts”
3. create a permissions set with AdministratorAccess
4. create a group “admins”
5. create a user (e.g. “josef”), assign to “admins” group
6. grant access to the account added in step 2
7. log in using the “start url” (e.g. https://xxxxxx.awsapps.com/start)
8. create a profile and sso-session in ~/.aws/config (you can also create this with aws configure sso
9. add the credential_process to the created profile

   # ~/.aws/config
   [profile sso-josef]
   sso_session = josef
   sso_account_id = xxx
   sso_role_name = AdministratorAccess
   region = us-east-1
   credential_process = aws sso login --profile sso-josef
   [sso-session josef]
   sso_start_url = https://xxx.awsapps.com/start#
   sso_region = us-east-1
   sso_registration_scopes = sso:account:access
   

10. in an initialized Amplify project, change the profile in amplify/.config/local-aws-info.json to use the new SSO profile

    {
      "dev": {
        "configLevel": "project",
        "useProfile": true,
        "profileName": "sso-josef"
      }
    }
    

11. run amplify status
12. observe the credential process runs and we are prompted to login to the org and are successful
13. upon returning to the local terminal, observe error

⠏ Fetching AWS Amplify Console domains🛑 Failed to get profile credentials
Unexpected token A in JSON at position 0

Learn more at: https://docs.amplify.aws/cli/project/troubleshooting/
⠙ Fetching AWS Amplify Console domains
Session Identifier: 9a86ef00-7023-447a-8504-a2a8b13e5732

Marking as a bug 🙂

Same issue as @OperationalFallacy. SSO profile is working for the SDK and CDK.

[profile my-profile]
sso_start_url = https://[redacted].awsapps.com/start
sso_region = us-east-1
sso_account_id = [redacted]
sso_role_name = [redacted]
region = us-east-1

Just a follow up. The issue seems to be with aws sso. When aws sso login --profile <> is ran to login, it does not update the /.aws/credentials with the new AWS Access Key ID, AWS Secret Access Key, AWS Session Token. This throws the error experienced above.

What i’ve been doing now is logging in, then pasting the new credentials found in Command line or programmatic access and performing the amplify commands after.

@josefaidt if it helps. The issue seems to be related to my API. I’ve re-pulled the backend, making a small change to my Lambda and amplify push was successful. The API fails with error

Failed to get profile credentials. Unexpected token A in JSON at position 0