Hello out there.
I am trying to configure a new ChefDK server that will be able to access our main AWS account for user authentication, and then be able to switch to different IAM roles that are used and tied to separate accounts.
Essentially what we have is a centralized account for all user accounts that must be logged into first to gain access. Once authenticated, we then use role switching to access the different AWS accounts (environments).
On my DK server I have the knife-ec2 gem installed and configured and can run commands successfully against the Chef server directly.
[tony.elliott@ip-10-8-4-27 chef-repo]$ knife role list
test
[tony.elliott@ip-10-8-4-27 chef-repo]$
I am able to use the awscli to retrieve data from AWS with role switching and MFA active.
I have configured the following in my knife.rb file:
[default]
output = json
region = us-west-2
[profile tony.elliott]
region = us-west-2
output = json
[profile staging]
region = us-west-2
source_profile = tony.elliott
role_arn = ROLEARN
mfa_serial = MFASERIAL
When trying to switch to the staging role I receive the following error:
[tony.elliott@ip-10-8-4-27 chef-repo]$ knife ec2 server list --aws-profile staging
ERROR: ArgumentError: The provided --aws-profile 'staging' is invalid.
[tony.elliott@ip-10-8-4-27 chef-repo]$
When using my named profile that does not involve cross-account role switching, I get the expected results.
Has anyone out there been able to use knife-ec2 with multi-account role switching to deploy and configure into multiple environments?
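As an added example (not from the post above and not knife-ec2's own code), here is a small Ruby script that parses an AWS shared config in the INI layout shown in the post and walks each profile's source_profile chain, so you can see before handing a profile name to a tool whether it resolves to static keys or to a role that first needs an STS AssumeRole (with MFA when mfa_serial is set). The sample config is constructed to mirror the post's profiles; ROLEARN and MFASERIAL are the post's placeholders.

```ruby
# Constructed sample config mirroring the post; "[profile name]" headers are the
# shared-config convention, the default section has no "profile " prefix.
SAMPLE_CONFIG = <<~INI
  [default]
  output = json
  region = us-west-2
  [profile tony.elliott]
  region = us-west-2
  output = json
  [profile staging]
  region = us-west-2
  source_profile = tony.elliott
  role_arn = ROLEARN
  mfa_serial = MFASERIAL
INI

# Parses INI text into { "profile-name" => { "key" => "value", ... } }.
def parse_aws_config(text)
  profiles = {}
  current = nil
  text.each_line do |raw|
    line = raw.strip
    next if line.empty? || line.start_with?("#", ";")
    if (m = line.match(/\A\[\s*(?:profile\s+)?([^\]]+?)\s*\]\z/))
      current = m[1]
      profiles[current] ||= {}
    elsif current && (m = line.match(/\A([^=]+?)\s*=\s*(.*)\z/))
      profiles[current][m[1]] = m[2]
    end
  end
  profiles
end

# Follows source_profile links and classifies the chain. A profile with a
# role_arn is only usable after AssumeRole; :no_credentials means the config
# file itself holds no access keys for that profile (they may live in the
# separate credentials file, which this example deliberately does not read).
def resolve_profile(profiles, name, seen = [])
  raise "cycle in source_profile: #{(seen + [name]).join(' -> ')}" if seen.include?(name)
  prof = profiles[name] or return { profile: name, kind: :missing }
  if prof["role_arn"]
    src = prof["source_profile"] or return { profile: name, kind: :assume_role, error: "role_arn without source_profile" }
    { profile: name, kind: :assume_role, role_arn: prof["role_arn"],
      mfa: !prof["mfa_serial"].nil?, source: resolve_profile(profiles, src, seen + [name]) }
  elsif prof["aws_access_key_id"]
    { profile: name, kind: :static }
  else
    { profile: name, kind: :no_credentials }
  end
end
```

Running resolve_profile(parse_aws_config(SAMPLE_CONFIG), "staging") shows that "staging" is an assume-role profile requiring MFA whose source, "tony.elliott", carries no keys in this file, which is the shape a tool must support (or be handed temporary STS credentials for) before the profile name alone can work.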