Terraform seems to be ignoring skip_credentials_validation flag for AWS provider

[Ghazgkull]

We are trying to use Terraform to create AWS resources in LocalStack. It works correctly if we first authenticate to AWS, but fails when lacking AWS credentials.

Since we are pointing Terraform at LocalStack and not the real AWS, there's no need for Terraform to authenticate to AWS. So we are settings both skip_credentials_validation and skip_metadata_api_check to true. Various blog posts on the internet suggest this as the way to point Terraform to LocalStack, so it presumably worked at some point?

Terraform Version

Terraform v0.11.8

Terraform Configuration Files

provider "aws" {
  region                      = "${var.region}"
  skip_credentials_validation = true
  skip_metadata_api_check     = true
  s3_force_path_style         = true
  access_key                  = "mock_access_key"
  secret_key                  = "mock_secret_key"

  endpoints {
    dynamodb = "http://localhost:4569"
    s3       = "http://localhost:4572"
  }
}

Expected Behavior

When an AWS provider is configured with skip_credentials_validation = true, credential validation is skipped.

Actual Behavior

Terraform still tries to validate credentials.

Steps to Reproduce

Run terraform plan with an AWS provider configured to skip credential validation.

Additional Context

Terraform output at the time of credential validation:

Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but will not be
persisted to local or remote state storage.


Error: Error refreshing state: 1 error(s) occurred:

* provider.aws: Failed getting account information via all available methods. Errors: 2 errors occurred:
	* error calling sts:GetCallerIdentity: InvalidClientTokenId: The security token included in the request is invalid.
	status code: 403, request id: 1685939e-a192-11e8-b421-e51413e3548d
	* failed getting account information via iam:ListRoles: InvalidClientTokenId: The security token included in the request is invalid.
	status code: 403, request id: 16c2761c-a192-11e8-8c67-63bb9d86555a

[ghost]

This issue has been automatically migrated to hashicorp/terraform-provider-aws#5584 because it looks like an issue with that provider. If you believe this is not an issue with the provider, please reply to hashicorp/terraform-provider-aws#5584.

[Ala005]

i have used aws configure which created ~.aws/credentials file, but still terraform init returns error
Successfully configured the backend "s3"! Terraform will automatically
use this backend unless the backend configuration changes.
Error loading state: SignatureDoesNotMatch: The request signature we calculated does not match the signature you provided. Check your key and signing method.
status code: 403, request id: #####A60C#######, host id: ###########+S/B0p5tUtIkYbfBs5GvM############################### Please help

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.