All of sudden I begin to get this error when trying to log in to aws cli. It opens my browser for a confirmation as usual but after visiting the URL, the browser then complains: Unable to connect 127.0.0.1 connection refused
There are two components that result to the issue above:
- AWS CLI default behaviour has been changed to omit device code
- You run the awscli on a different host than the web browser being used for authentication
Why it happens?
This new, default behavior is a problem when you run the awscli on a different host than the web browser being used for authentication. The new, default behavior requires that the awscli and an interactive web browser exist together.
And by interactive web browser, I mean one that provides JavaScript and cookies since the OAuth process requires it. So, it’s not a simple HTTP RESTful interface you can script the “curl” command for. That means you need Firefox or Chromium or any such GUI-based web browser.
In my case browser is running in Windows and AWS CLI is running in Windows Subsystem for Linux (WSL).
How to fix it?
The simplest fix is to revert back to older behavior and use device code by adding:
|
1 |
--use-device-code |
to auth command, like this:
|
1 |
aws sso login --profile=myprofile --use-device-code |
Good luck!
