shared_credential_files in v4 broken?

[ericb-summit]

As a follow-up to #23110, it seems to me shared_credential_files doesn't work in v4 as I think it should. I don't use env vars, I only use the likes of:

provider "aws" {
	region = "us-west-1"
	alias = "us-west-1"
	shared_credentials_file = "$HOME/.aws/credentials"
	profile = var.aws_profile
}

works for v3, which updates to this for v4:

provider "aws" {
	region = "us-west-1"
	alias = "us-west-1"
	shared_credentials_files = ["$HOME/.aws/credentials"]
	profile = var.aws_profile
}

With the shared_credentials_files specified as above, authentication fails. If I remove it, so that it defaults to the exact same value I explicitly specified, then it magically works. So other mysterious things changed in v4 authentication. I quote the latest docs that tell me it should work

Maybe $HOME expansion doesn't work in v4. Which is not a terrible limitation, except that it used to work in v3.

If you've somehow addressed this behaviour in some sneaky part of the docs that I missed I apologize, because I didn't see it.

[gdavison]

Hi @ericb-summit, in previous versions, this accidentally worked, since it was falling back to the default shared credentials file when it couldn't find the requested file.

Expanding the environment variables is a good idea, though, so I've added it in hashicorp/aws-sdk-go-base#118. I also discovered we were no longer expanding ~ in paths and have fixed that.

[vadzimkaredzinkokoba]

@gdavison
problem exists in 4.1.0:

│ Error: error configuring Terraform AWS Provider: no valid credential sources for Terraform AWS Provider found.
│
│ Please see https://registry.terraform.io/providers/hashicorp/aws
│ for more information about providing credentials.
│
│ Error: no EC2 IMDS role found, operation error ec2imds: GetMetadata, request send failed, Get "http://169.254.169.254/latest/meta-data/iam/security-credentials/": dial tcp 169.254.169.254:80: i/o timeout
│
│
│   with provider["registry.terraform.io/hashicorp/aws"],
│   on main.tf line 13, in provider "aws":
│   13: provider "aws" {
│

after set pull path for "shared_credentials_files" problem not exists
terraform running on local pc with "shared_credentials_files = ["~/.aws/credentials"]"

[github-actions]

This functionality has been released in v4.2.0 of the Terraform AWS Provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template. Thank you!

[github-actions]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.