Merge pull request #3001 from sarguru/iam_profile_validation

Fail silently when account validation fails while from instance profile
hashicorp · Sep 8, 2015 · 8559b02 · 8559b02
2 parents 1b59d87 + 9abd748
commit 8559b02
Showing 1 changed file with 11 additions and 1 deletion.
diff --git a/builtin/providers/aws/config.go b/builtin/providers/aws/config.go
@@ -213,8 +213,18 @@ func (c *Config) ValidateAccountId(iamconn *iam.IAM) error {
 	log.Printf("[INFO] Validating account ID")
 
 	out, err := iamconn.GetUser(nil)
+
 	if err != nil {
-		return fmt.Errorf("Failed getting account ID from IAM: %s", err)
+		awsErr, _ := err.(awserr.Error)
+		if awsErr.Code() == "ValidationError" {
+			log.Printf("[WARN] ValidationError with iam.GetUser, assuming its an IAM profile")
+			// User may be an IAM instance profile, so fail silently.
+			// If it is an IAM instance profile
+			// validating account might be superfluous
+		} else {
+			return fmt.Errorf("Failed getting account ID from IAM: %s", err)
+			// return error if the account id is explicitly not authorised
+		}
 	}
 
 	account_id := strings.Split(*out.User.Arn, ":")[4]