diff --git a/pkg/aws_config_server/assemble_config.go b/pkg/aws_config_server/assemble_config.go
index 487125b4..6b464362 100644
--- a/pkg/aws_config_server/assemble_config.go
+++ b/pkg/aws_config_server/assemble_config.go
@@ -57,11 +57,16 @@ func (a *ClientIDToAWSRoles) mapRoles(ctx context.Context, oidcProvider string)
 CredentialsChainVerboseErrors: aws.Bool(true),
 }
 iamClient := a.awsClient.WithIAM(workerAWSConfig).IAM.Svc
- workerRoles := listRoles(ctx, iamClient)
+ workerRoles, err := listRoles(ctx, iamClient)
+ if err != nil {
+ logrus.Error(err)
+ return errors.Wrapf(err, "%s error", accountName)
+ }
 logrus.Debugf("function: aws_config_server/assemble_config.go/mapRoles(), workerRoles: %v", workerRoles)
- err := clientRoleMapFromProfile(ctx, accountName, workerRoles, oidcProvider, a.clientRoleMapping)
+ err = clientRoleMapFromProfile(ctx, accountName, workerRoles, oidcProvider, a.clientRoleMapping)
 if err != nil {
+ logrus.Error(err)
 return errors.Wrap(err, "Unable to complete mapping between ClientIDs and ConfigProfiles")
 }
 }
diff --git a/pkg/aws_config_server/list_roles.go b/pkg/aws_config_server/list_roles.go
index f4ecbcb7..6d88bc34 100644
--- a/pkg/aws_config_server/list_roles.go
+++ b/pkg/aws_config_server/list_roles.go
@@ -45,7 +45,7 @@ type ConfigProfile struct {
 roleName string
 }
-func listRoles(ctx context.Context, svc iamiface.IAMAPI) []*iam.Role {
+func listRoles(ctx context.Context, svc iamiface.IAMAPI) ([]*iam.Role, error) {
 // Run the AWS list-roles command and save the output
 input := &iam.ListRolesInput{}
 output := []*iam.Role{}
@@ -57,10 +57,15 @@ func listRoles(ctx context.Context, svc iamiface.IAMAPI) []*iam.Role {
 },
 )
 if err != nil {
- logrus.Error(err)
+ if aerr, ok := err.(awserr.Error); ok {
+ if aerr.Code() == iam.ErrCodeInvalidAuthenticationCodeException {
+ logrus.Error(err)
+ return output, nil
+ }
+ }
+ return output, errors.Wrap(err, "Error listing IAM roles")
 }
-
- return output
+ return output, nil
 }
 type Action []string
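Review bot: Both new error paths in mapRoles log the error with `logrus.Error(err)` and then return it wrapped, so each failure will probably be reported twice once a caller logs it too. The wrap text `"%s error"` also says nothing about which step failed. I would drop the two `logrus.Error(err)` lines and return `errors.Wrapf(err, "listing IAM roles in account %s", accountName)`. A listRoles failure for one account now returns from what appears to be a per-account loop (its head is outside the hunk), whereas the old code logged and carried on with an empty role list. If aborting the whole client-to-role mapping on one account's failure is the intended fail-closed behaviour, a short comment saying so would help.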
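Review bot: The `iam.ErrCodeInvalidAuthenticationCodeException` branch in listRoles returns `output, nil`, so mapRoles treats a possibly empty or partial role list as a complete one and builds the role mapping from it without any signal. As far as I know, IAM documents that code for MFA device operations rather than ListRoles, so the branch may never match; please confirm which failure was meant to be tolerated and add a comment saying why it is safe to ignore. On the generic path, prefer `return nil, errors.Wrap(err, "listing IAM roles")` so callers cannot use partial output alongside a non-nil error. `errors.As` would also match wrapped errors where the `err.(awserr.Error)` type assertion does not, provided the file's `errors` package offers it. The middle of listRoles lies outside this hunk.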