-
Notifications
You must be signed in to change notification settings - Fork 9.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
"No valid credential sources found for AWS Provider" Federated User in Alpine Linux Container #9986
Comments
Some more info: If I change my # credentials file
[default]
aws_access_key_id=<ACCESS_KEY>
aws_secret_access_key=<SECRET_KEY>
aws_session_token=<SESSION_TOKEN>
# config file
[default]
region=eu-west-2
output=json And the provider "aws" {
version = "~> 2.24.0"
region = "${var.region}"
} It works. However, as soon as I change them to: # credentials file
[test_user]
aws_access_key_id=<ACCESS_KEY>
aws_secret_access_key=<SECRET_KEY>
aws_session_token=<SESSION_TOKEN>
# config file
[profile test_user]
region=eu-west-2
output=json
provider "aws" {
version = "~> 2.24.0"
region = "${var.region}"
profile = "test_user"
} It doesn't |
Had the same issue, I renamed my profile in .aws/credentials file from "default" to something else, then came back to terraform a few days later. Terraform v0.12.19
|
Reference: #5018 Reference: #6913 Reference: #7333 Reference: #9236 Reference: #9869 Reference: #9898 Reference: #9962 Reference: #9986 Reference: #10507 Reference: #11429 Reference: #12236 Reference: #12727 Reference: #12815 Reference: #13057 Changes: ``` NOTES * provider: Credential ordering has changed from static, environment, shared credentials, EC2 metadata, default AWS Go SDK (shared configuration, web identity, ECS, EC2 Metadata) to static, environment, shared credentials, default AWS Go SDK (shared configuration, web identity, ECS, EC2 Metadata) * provider: The `AWS_METADATA_TIMEOUT` environment variable no longer has any effect as we now depend on the default AWS Go SDK EC2 Metadata client timeout of one second with two retries ENHANCEMENTS * provider: Always enable shared configuration file support (no longer require `AWS_SDK_LOAD_CONFIG` environment variable) * provider: Add `assume_role` configuration block `duration_seconds`, `policy_arns`, `tags`, and `transitive_tag_keys` arguments BUG FIXES * provider: Ensure configured STS endpoint is used during `AssumeRole` API calls * provider: Prefer AWS shared configuration over EC2 metadata credentials by default * provider: Prefer CodeBuild, ECS, EKS credentials over EC2 metadata credentials by default ``` Output from acceptance testing: ``` --- PASS: TestAccAWSProvider_Region_AwsCommercial (3.89s) --- PASS: TestAccAWSProvider_Region_AwsGovCloudUs (3.90s) --- PASS: TestAccAWSProvider_Region_AwsChina (3.99s) --- PASS: TestAccAWSProvider_IgnoreTags_Keys_None (4.22s) --- PASS: TestAccAWSProvider_IgnoreTags_KeyPrefixes_None (4.29s) --- PASS: TestAccAWSProvider_IgnoreTags_KeyPrefixes_One (4.37s) --- PASS: TestAccAWSProvider_IgnoreTags_KeyPrefixes_Multiple (4.38s) --- PASS: TestAccAWSProvider_IgnoreTags_Keys_One (4.39s) --- PASS: TestAccAWSProvider_IgnoreTags_EmptyConfigurationBlock (4.40s) --- PASS: TestAccAWSProvider_IgnoreTags_Keys_Multiple (4.40s) --- PASS: TestAccAWSProvider_Endpoints_Deprecated (4.42s) --- PASS: TestAccAWSProvider_Endpoints (4.53s) --- PASS: TestAccAWSProvider_AssumeRole_Empty (8.32s) ```
…14077) * Update module hashicorp/aws-sdk-go-base to v0.5.0 * provider: Authentication updates for Terraform AWS Provider v3.0.0 Reference: #5018 Reference: #6913 Reference: #7333 Reference: #9236 Reference: #9869 Reference: #9898 Reference: #9962 Reference: #9986 Reference: #10507 Reference: #11429 Reference: #12236 Reference: #12727 Reference: #12815 Reference: #13057 Changes: ``` NOTES * provider: Credential ordering has changed from static, environment, shared credentials, EC2 metadata, default AWS Go SDK (shared configuration, web identity, ECS, EC2 Metadata) to static, environment, shared credentials, default AWS Go SDK (shared configuration, web identity, ECS, EC2 Metadata) * provider: The `AWS_METADATA_TIMEOUT` environment variable no longer has any effect as we now depend on the default AWS Go SDK EC2 Metadata client timeout of one second with two retries ENHANCEMENTS * provider: Always enable shared configuration file support (no longer require `AWS_SDK_LOAD_CONFIG` environment variable) * provider: Add `assume_role` configuration block `duration_seconds`, `policy_arns`, `tags`, and `transitive_tag_keys` arguments BUG FIXES * provider: Ensure configured STS endpoint is used during `AssumeRole` API calls * provider: Prefer AWS shared configuration over EC2 metadata credentials by default * provider: Prefer CodeBuild, ECS, EKS credentials over EC2 metadata credentials by default ``` Output from acceptance testing: ``` --- PASS: TestAccAWSProvider_Region_AwsCommercial (3.89s) --- PASS: TestAccAWSProvider_Region_AwsGovCloudUs (3.90s) --- PASS: TestAccAWSProvider_Region_AwsChina (3.99s) --- PASS: TestAccAWSProvider_IgnoreTags_Keys_None (4.22s) --- PASS: TestAccAWSProvider_IgnoreTags_KeyPrefixes_None (4.29s) --- PASS: TestAccAWSProvider_IgnoreTags_KeyPrefixes_One (4.37s) --- PASS: TestAccAWSProvider_IgnoreTags_KeyPrefixes_Multiple (4.38s) --- PASS: TestAccAWSProvider_IgnoreTags_Keys_One (4.39s) --- PASS: TestAccAWSProvider_IgnoreTags_EmptyConfigurationBlock (4.40s) --- PASS: TestAccAWSProvider_IgnoreTags_Keys_Multiple (4.40s) --- PASS: TestAccAWSProvider_Endpoints_Deprecated (4.42s) --- PASS: TestAccAWSProvider_Endpoints (4.53s) --- PASS: TestAccAWSProvider_AssumeRole_Empty (8.32s) ``` * docs/provider: Add authentication changes section to version 3 upgrade guide and remove pre-3.0 notes Co-authored-by: Renovate Bot <bot@renovateapp.com>
Hi folks 👋 Version 3.0 of the Terraform AWS Provider will include a few authentication changes that should help in this case. Similar enhancements and fixes were applied to the Terraform S3 Backend (part of Terraform CLI) in version 0.13.0-beta2. The Terraform AWS Provider major version update will release in the next two weeks or so. Please follow the v3.0.0 milestone for tracking the progress of that release. If you are still having trouble after updating when its released, please file a new issue. Thanks! |
This has been released in version 3.0.0 of the Terraform AWS provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading. For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template for triage. Thanks! |
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks! |
This issue was originally opened by @GreenyMcDuff as hashicorp/terraform#22680. It was migrated here as a result of the provider split. The original body of the issue is below.
Terraform Version
Terraform Configuration Files
Debug Output
Expected Behavior
Terraform Backend should have been initialised successfully
Actual Behavior
Terraform provider failed to locate valid credentials
Steps to Reproduce
Create a Docker image using the below Dockerfile by running
docker build -t test/terraform:0.11.14 .
Dockerfile
Run the container using the following command:
This will attach a process to the shell inside the container. From here if you run:
terraform init -backend-config=shared.backend
(You may notice this isn't the same command I ran to generate the DEBUG output. That is just because my partial config is stored one level up in my actual project. I figured it was unnecessary to add that complexity to the setup)
You will get the error detailed above
Additional Context
/c/Users/user_name/.aws/credentials
) which is then mounted to the default location in Alpine Linux at run time (/root/.aws/credentials
)I can see the credentials and config files have been mounted correctly by running
cat /root/.aws/credentials
andcat /root/.aws/config
from inside the container. Below are the outputs from these commands respectivelyReferences
The text was updated successfully, but these errors were encountered: