Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Unable to login with Q with IAM Identity Center User #6163

Open
birdup000 opened this issue Dec 5, 2024 · 4 comments
Open

Unable to login with Q with IAM Identity Center User #6163

birdup000 opened this issue Dec 5, 2024 · 4 comments
Labels
amazon-q auth-credentials authentication, authorization, credentials, AWS Builder ID, sso bug We can reproduce the issue and confirmed it is a bug. needs-response Waiting on reply from issue/PR author.

Comments

@birdup000
Copy link

birdup000 commented Dec 5, 2024
edited
Loading

Problem

logs

2024-12-05 16:19:26.947 [info] auth: Updating connection state of random uuid to authenticating
2024-12-05 16:19:26.948 [info] codewhisperer: connection changed to authenticating: random uuid
2024-12-05 16:19:26.951 [info] current client registration id=undefined
    expires at undefined
    key = a key
2024-12-05 16:19:36.055 [error] Unable to find /home/birb/.vscode/extensions/amazonwebservices.amazon-q-vscode-1.39.0/dist/src/auth/sso/vue/favicon.ico
2024-12-05 16:19:36.282 [error] API response (oidc.us-east-1.amazonaws.com /token): {
  name: 'AccessDeniedException',
  '$fault': 'client',
  '$metadata': {
    httpStatusCode: 400,
    requestId: 'a request id here',
    extendedRequestId: undefined,
    cfId: undefined
  },
  error: 'access_denied',
  error_description: 'Access denied',
  message: 'UnknownError'
}
2024-12-05 16:19:36.289 [error] ssoSetup encountered an error: Error: Failed to connect to IAM Identity Center [FailedToConnect]
	 -> AccessDeniedException: Access denied
2024-12-05 16:19:36.289 [error] webviewId="aws.amazonq.AmazonCommonAuth": Error: Webview error
	 -> Error: Webview backend command failed: "startCodeWhispererEnterpriseSetup()"
	 -> Error: Failed to connect to IAM Identity Center [FailedToConnect]
	 -> AccessDeniedException: Access denied

Steps to reproduce the issue

Expected behavior

To be able to login with pro key with AWS identity center

System details (run AWS: About and/or Amazon Q: About)

OS: Linux x64 6.6.62-clts1.0.fc41.x86_64
Visual Studio Code extension host: 1.95.3
Amazon Q: 1.39.0
node: 20.18.0
electron: 32.2.1
@birdup000 birdup000 added the bug We can reproduce the issue and confirmed it is a bug. label Dec 5, 2024
@birdup000 birdup000 changed the title Unable to login with Q Unable to login with Q with IAM Identity Center User Dec 5, 2024
@justinmk3 justinmk3 added auth-credentials authentication, authorization, credentials, AWS Builder ID, sso amazon-q labels Dec 5, 2024
@justinmk3
Copy link
Contributor

Are you using the free tier or the pro tier?

If you have done the above, you will need to contact AWS support and provide the failing request-id so that the service team can debug that request-id.

@justinmk3 justinmk3 added the needs-response Waiting on reply from issue/PR author. label Dec 5, 2024
@birdup000
Copy link
Author

Are you using the free tier or the pro tier?

* Amazon Q Free tier does not support IdC for use from an IDE: https://docs.aws.amazon.com/amazonq/latest/qdeveloper-ug/q-free-tier.html

* Ensure that you have set up the Amazon Q Pro Tier in AWS console: https://docs.aws.amazon.com/amazonq/latest/qdeveloper-ug/q-pro-tier-setting-up-access.html
  
  * console link: https://us-east-1.console.aws.amazon.com/amazonq/home?region=us-east-1#user-provisioning

If you have done the above, you will need to contact AWS support and provide the failing request-id so that the service team can debug that request-id.

Hi thank you for getting back on this issue, I have contacted support I think it may be a configuration issue with my IAM Identity User for Q. I have set everything up according to the documentation. I have the Business subscription tier for Q. It allows me to login with the AWS toolkit no problem using the same user from the IAM.

@birdup000
Copy link
Author

Update when I enabled the Pro tier it immediately worked for logging in but I'm on the business trial and thought it included IDE.

Are you using the free tier or the pro tier?

* Amazon Q Free tier does not support IdC for use from an IDE: https://docs.aws.amazon.com/amazonq/latest/qdeveloper-ug/q-free-tier.html

* Ensure that you have set up the Amazon Q Pro Tier in AWS console: https://docs.aws.amazon.com/amazonq/latest/qdeveloper-ug/q-pro-tier-setting-up-access.html
  
  * console link: https://us-east-1.console.aws.amazon.com/amazonq/home?region=us-east-1#user-provisioning

If you have done the above, you will need to contact AWS support and provide the failing request-id so that the service team can debug that request-id.

@justinmk3
Copy link
Contributor

If you send the requestId to support, they can forward it to the service team to confirm.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
amazon-q auth-credentials authentication, authorization, credentials, AWS Builder ID, sso bug We can reproduce the issue and confirmed it is a bug. needs-response Waiting on reply from issue/PR author.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@birdup000 @justinmk3