by Jordi Prats
If you use Azure Active Directory to provide SSO login, you might be using aws-azure-login. It runs the normal Azure AD login (including MFA) from the command line to create a federated AWS session, placing the temporary credentials where the AWS CLI and other tools like Terraform can use them.
If the tool is failing, you might need to use the GUI mode to check what's going on, but if you are using the docker container you will get the following error instead:
```
$ aws-azure-login --profile prod --mode=gui
Logging in with profile 'prod'...
Using AWS SAML endpoint https://signin.aws.amazon.com/saml
Error: Failed to launch the browser process!
Fontconfig warning: "/etc/fonts/fonts.conf", line 100: unknown element "blank"
[16:16:1122/083057.367058:ERROR:browser_main_loop.cc(1425)] Unable to open X display.
TROUBLESHOOTING: https://github.com/puppeteer/puppeteer/blob/main/docs/troubleshooting.md
    at onClose (/aws-azure-login/node_modules/puppeteer/lib/cjs/puppeteer/node/BrowserRunner.js:194:20)
    at ChildProcess.<anonymous> (/aws-azure-login/node_modules/puppeteer/lib/cjs/puppeteer/node/BrowserRunner.js:185:79)
    at ChildProcess.emit (events.js:387:35)
    at ChildProcess.emit (domain.js:470:12)
    at Process.ChildProcess._handle.onexit (internal/child_process.js:277:12)
```
The docker container is one of the methods you have for using the tool (documented in the README file); they even provide a handy script for using it:
```
sudo curl -o /usr/local/bin/aws-azure-login https://raw.githubusercontent.com/sportradar/aws-azure-login/main/docker-launch.sh -L
sudo chmod o+x /usr/local/bin/aws-azure-login
```
The problem with this script is that the tool inside the docker container has access to neither the DISPLAY variable nor the /tmp/.X11-unix socket. You can easily fix this by passing the variable and mounting the socket's path into the container using the following options:
```
-e DISPLAY="$DISPLAY" -v /tmp/.X11-unix:/tmp/.X11-unix
```
The resulting docker-launch.sh script should look like this:
```
#!/usr/bin/env bash
docker run --rm -it -v ~/.aws:/root/.aws -e DISPLAY="$DISPLAY" -v /tmp/.X11-unix:/tmp/.X11-unix sportradar/aws-azure-login "$@"
```
Now we can launch the application in GUI mode using --mode=gui:
```
$ aws-azure-login --profile prod --mode=gui
```
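A variant of the launcher, as an added example that is not the project's own script: it passes DISPLAY and the X11 socket into the container only for GUI runs, because a container holding that socket can talk to the host's X server, and it checks both before starting docker. The function names and the X11_SOCKET_DIR override are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example, not the project's docker-launch.sh.
# X11_SOCKET_DIR is a hypothetical override so the checks can be exercised.
X11_SOCKET_DIR="${X11_SOCKET_DIR:-/tmp/.X11-unix}"

# Succeeds when the arguments request GUI mode: --mode=gui, or the
# space-separated form --mode gui (assumed to be accepted by the tool).
wants_gui() {
  _prev=""
  for _arg in "$@"; do
    if [ "$_arg" = "--mode=gui" ]; then return 0; fi
    if [ "$_prev" = "--mode" ] && [ "$_arg" = "gui" ]; then return 0; fi
    _prev="$_arg"
  done
  return 1
}

# Verifies the two things the container needs from the host for GUI mode,
# so the failure is reported here rather than as "Unable to open X display".
check_x11() {
  if [ -z "${DISPLAY:-}" ]; then
    echo "DISPLAY is not set; --mode=gui needs a running X server" >&2
    return 1
  fi
  if [ ! -d "$X11_SOCKET_DIR" ]; then
    echo "X11 socket directory $X11_SOCKET_DIR not found" >&2
    return 1
  fi
}

# Same docker command line as the script above, but DISPLAY and the
# X11 socket reach the container only when GUI mode was requested.
aws_azure_login() {
  if wants_gui "$@"; then
    check_x11 || return 1
    docker run --rm -it -v ~/.aws:/root/.aws \
      -e DISPLAY="$DISPLAY" -v "$X11_SOCKET_DIR:/tmp/.X11-unix" \
      sportradar/aws-azure-login "$@"
  else
    docker run --rm -it -v ~/.aws:/root/.aws \
      sportradar/aws-azure-login "$@"
  fi
}
```

To use it as the launcher script, add a final line `aws_azure_login "$@"`; to use it from an interactive shell, source the file and call the function.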
I have created a PR for this, but given that most of the PRs are not updated/answered/merged, I don't have much hope that this is going to be merged.
Posted on 23/11/2021