Atmos identity = false does not work

[afeblot]

Describe the Bug

With the following section in my atmos.yaml :

auth:
  providers:
    mycompany-sso:
      kind: aws/iam-identity-center
      start_url: https://mycompany.awsapps.com/start
      region: eu-west-1
      session:
        duration: 8h
      console:
        session_duration: 12h

  identities:
    prod-admin:
      kind: aws/permission-set
      via:
        provider: mycompany-sso
      principal:
        name: AdministratorAccess
        account:
          id: "111111111111"
      default: true

Running atmos tf plan myapp -s dev properly logs me in my AWS account and all works fine.

However, running

• atmos tf plan myapp -s dev --identity=false
  • on 1.201.0: triggers an error (cf below)
  • on 1.202.0: is not taken into account at all, the browser interactive auth is triggered
• export ATMOS_IDENTITY=false && atmos tf plan myapp -s dev
  • on both 1.201.0 and 1.202.0: triggers an error (cf below)

The error triggered:

 identityName 

 Error: invalid auth config

## Hints

 💡 Identity specified was not found in the auth config.

 Error 

 Error: identity not found

## Explanation

  false 

Expected Behavior

With either --identity=false or export ATMOS_IDENTITY=false, according to the documentation, I would expect the Atmos auth not to kick in, Atmos not reporting any auth related error and moving on, allowing me to have OpenTofu authenticate directly with AWS using the ususal AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, etc...

Steps to Reproduce

Run export ATMOS_IDENTITY=false && atmos tf plan myapp -s dev on a standard simple stack.
In case it matters, here is my full atmos.yaml config:

base_path: "./"

components:
  terraform:
    base_path: "components/terraform"
    apply_auto_approve: false
    deploy_run_init: true
    init_run_reconfigure: true
    auto_generate_backend_file: false

stacks:
  base_path: "stacks"
  included_paths:
    - "*"
  excluded_paths:
    - "**/_defaults.yaml"
  name_template: "{{ .vars.stage }}"

workflows:
  base_path: stacks/workflows

logs:
  file: "/dev/stderr"
  level: Info

settings:
  list_merge_strategy: replace
  terminal:
    color: true
    max_width: 120
    pager: false
  telemetry:
    enabled: false

auth:
  providers:
    mycompany-sso:
      kind: aws/iam-identity-center
      start_url: https://mycompany.awsapps.com/start
      region: eu-west-1
      session:
        duration: 8h
      console:
        session_duration: 12h

  identities:
    prod-admin:
      kind: aws/permission-set
      via:
        provider: mycompany-sso
      principal:
        name: AdministratorAccess
        account:
          id: "111111111111"
      default: true

Screenshots

No response

Environment

• OS: Ubuntu 24.04 on WSL2
• Atmos version: 1.201.0 and 1.202.0

Additional Context

No response

[coderabbitai]

📝 CodeRabbit Plan Mode

Generate an implementation plan and prompts that you can use with your favorite coding agent.

• Create Plan

Examples

• Example 1
• Example 2

---

🔗 Related PRs

#827 - Export configuration information in shell launched by Atmos [merged]
#1072 - expose env variable ATMOS_CLI_CONFIG_PATH and ATMOS_BASE_PATH before running terraform and helm cmd [merged]
#1623 - Bugfix: auth identities should default load the AWS Environment vars (if AWS based identities) [merged]
#1654 - Isolate AWS env vars during authentication [merged]
cloudposse/geodesic#979 - Add Atmos auth integration to Geodesic [merged]

👤 Suggested Assignees

• osterman
• Nuru
• haitham911
• Benbentwo

---

🧪 Issue enrichment is currently in open beta.

You can configure auto-planning by selecting labels in the issue_enrichment configuration.

To disable automatic issue enrichment, add the following to your .coderabbit.yaml:

issue_enrichment:
  auto_enrich:
    enabled: false

💬 Have feedback or questions? Drop into our discord or schedule a call!

[osterman]

Thanks for reporting! We'll get this addressed next week.

[afeblot]

Thanks!