Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

$Env:AWS_PROFILE disregarded when set to a profile defined in ~/.aws/config ("No valid credential sources...") #10066

Closed
bgshacklett opened this issue Sep 10, 2019 · 4 comments
Labels
provider Pertains to the provider itself, rather than any interaction with AWS.
Milestone

Comments

@bgshacklett
Copy link

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform Version

Terraform v0.12.8

  • provider.aws v2.27.0

Affected Resource(s)

N/A—Provider will not initialize

Environment

> gi Env:/AWS_PROFILE

Name                           Value
----                           -----
AWS_PROFILE                    k8s-lab

Terraform Configuration Files

# provider.tf
provider "aws" {
  version = "2.27.0"
  region  = "us-east-2"
}

# terraform.tf
terraform {
  required_version  = ">=0.12.0"
}

# main.tf
data "aws_region" "current" {}

Debug Output

https://gist.github.com/bgshacklett/3f205d2540dd9a42ae540cf7192a11f7

Panic Output

Expected Behavior

Terraform successfully generates a plan

Actual Behavior

An error is generated:

Error: No valid credential sources found for AWS Provider.
	Please see https://terraform.io/docs/providers/aws/index.html for more information on
	providing credentials for the AWS Provider

Steps to Reproduce

  1. Configure a profile which assumes a role in ~/.aws/config:
    [profile k8s-lab]
    source_profile = Lab-LabUser
    role_arn = arn:aws:iam::[redacted]:role/Admin
    
  2. terraform plan

Important Factoids

  • I'm able to run aws sts get-caller-identity successfully:
    > aws sts get-caller-identity
    {
        "UserId": "[redacted]:botocore-session-[redacted]",
        "Account": "[redacted]",
        "Arn": "arn:aws:sts::[redacted]:assumed-role/Admin/botocore-session-[redacted]"
    }
    
  • Assigning $Env:AWS_PROFILE to a profile configured in .aws/credentials (Lab-LabUser in this case) allows me to run a plan successfully.
  • Explicitly configuring the role k8s-lab in the provider allows me to run a plan successfully.

References

n/a

@github-actions github-actions bot added the needs-triage Waiting for first response or review from a maintainer. label Sep 10, 2019
@aeschright aeschright added provider Pertains to the provider itself, rather than any interaction with AWS. and removed needs-triage Waiting for first response or review from a maintainer. labels Oct 4, 2019
@aeschright
Copy link
Contributor

Hi @bgshacklett ! Thanks for reporting this. Issues around assuming a role through the config profile settings will be resolved with #10379 which is scheduled for the next release.

@bflad
Copy link
Contributor

bflad commented Oct 10, 2019

Closing as #10379 was merged previously and v2.32.0 has been released. 👍

@bflad bflad closed this as completed Oct 10, 2019
@ghost
Copy link

ghost commented Oct 10, 2019

This has been released in version 2.32.0 of the Terraform AWS provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template for triage. Thanks!

@ghost
Copy link

ghost commented Nov 10, 2019

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!

@ghost ghost locked and limited conversation to collaborators Nov 10, 2019
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
provider Pertains to the provider itself, rather than any interaction with AWS.
Projects
None yet
Development

No branches or pull requests

3 participants