AWS Tool kit/Amazon Q Developer extension: Cannot authenticate using AWS SSO when connected via Remote SSH extension on AWS ec2 instance #6595

Open
Det27 opened this issue Feb 17, 2025 · 3 comments
Labels
amazon-q auth-credentials authentication, authorization, credentials, AWS Builder ID, sso guidance General information and guidance, answers to FAQs, or recommended best practices/resources. needs-response Waiting on reply from issue/PR author. remote-execute SSM, remote-ssh, CodeCatalyst dev env, remote connect service:ec2

Comments


Det27 commented Feb 17, 2025

System details (run AWS: About and/or Amazon Q: About)

  • OS: Linux x64 6.1.109-118.189.amzn2023.x86_64
  • Visual Studio Code extension host: 1.97.0
  • AWS Toolkit: 3.46.0
  • Amazon Q: 1.47.0

Question

I use VSCode to develop Python scripts on an AWS ec2-instance using Remote-SSH (see vscode documentation). I'd like to use AWS Toolkit and Amazon Q Developer Pro. I installed the extensions via vscode marketplace on the AWS ec2 instance - no errors. But when I try to connect to AWS IAM Identity Center I get the following error:


 [error] API response (oidc.eu-central-1.amazonaws.com /client/register): {
  errno: -104,
  code: 'ECONNRESET',
  syscall: 'read',
  name: 'TimeoutError'
}


[error] ssoSetup encountered an error: TimeoutError: read ECONNRESET [ECONNRESET]
[error] webviewId="aws.toolkit.AmazonCommonAuth": Error: Webview error
         -> Error: Webview backend command failed: "createIdentityCenterConnection()"
         -> TimeoutError: read ECONNRESET [ECONNRESET]

When I try the same in a different VSCode dev project with AWS Toolkit and/or Amazon Q Developer installed locally (no remote SSH involved), it works fine.

I configured the AWS CLI on the AWS ec2 instance, configured SSO, and executed aws sso login --sso-session --no-browser. It works fine when manually copying the URL to a browser to authenticate.

I suppose it fails because the remote ssh/AWS ec2 instance cannot manage to open a browser for signing-in to AWS IAM Identity Center. On https://code.visualstudio.com I found something: code.visualstudio.com/docs/remote/…. Sounds to me that AWS Toolkit/Amazon Q Developer extensions must implement vscode.env.openExternal API

How can I get this to work?

Thank you so much for your assistance

@Det27 Det27 added the guidance General information and guidance, answers to FAQs, or recommended best practices/resources. label Feb 17, 2025
@justinmk3 justinmk3 added amazon-q auth-credentials authentication, authorization, credentials, AWS Builder ID, sso remote-execute SSM, remote-ssh, CodeCatalyst dev env, remote connect labels Feb 18, 2025
Contributor

justinmk3 commented Feb 18, 2025

In the AWS Toolkit logs, are there any messages mentioning "imds" (case-insensitive), and if so can you post them?

> on a AWS ec2-instance using Remote-SSH see vscode documentation

Are you using the recently-launched AWS: Connect VS Code to EC2 Instance... feature of AWS Toolkit?


Author

Det27 commented Feb 21, 2025

Hi @justinmk3,
thanks for your reply. In the meantime I found a workaround: I have installed AWS Toolkit/Amazon Q Developer locally. See also Remote SSH: Advanced forcing an extension to run locally / remotely.

settings.json

"remote.extensionKind": {
    "amazonwebservices.aws-toolkit-vscode": [
        "ui"
    ],
    "amazonwebservices.amazon-q-vscode": [
        "ui"
    ]
}

@justinmk3
Contributor

> In the AWS Toolkit logs, are there any messages mentioning "imds" (case-insensitive), and if so can you post them?

Without those logs, I'm unable to help with this issue.

How are you connecting to EC2? Are you using the recently-launched AWS: Connect VS Code to EC2 Instance... feature of AWS Toolkit?

@justinmk3 justinmk3 added the needs-response Waiting on reply from issue/PR author. label Feb 21, 2025