changing AWS_SECURITY_TOKEN to AWS_SESSION_TOKEN #8816
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
I noticed that Terraform is not (anymore) parsing the value of environment variable `AWS_SECURITY_TOKEN` (which was re-added in May 2015: #1785) Example ENV: ``` AWS_SECURITY_TOKEN="FQo...vgU=" AWS_ACCESS_KEY_ID="A...A" AWS_SECRET_ACCESS_KEY="I...t" AWS_DEFAULT_REGION="eu-west-1" ``` This errors with messages akin to "AWS was not able to validate the provided access credentials". Setting `AWS_SESSION_TOKEN` instead of `AWS_SECURITY_TOKEN` on the other hand works just fine and seems to be in line with what is suggested in the code: https://github.com/hashicorp/terraform/blob/d1ac7d3b2e1be2f32092275340f33a2d73f7b31a/vendor/github.com/aws/aws-sdk-go/aws/credentials/env_provider.go#L69, making this whole thing a documentation change. Happy to provide test cases or additional insights though!
|
This looks correct, thanks for spotting it! |
catsby
pushed a commit
that referenced
this pull request
Sep 13, 2016
I noticed that Terraform is not (anymore) parsing the value of environment variable `AWS_SECURITY_TOKEN` (which was re-added in May 2015: #1785) Example ENV: ``` AWS_SECURITY_TOKEN="FQo...vgU=" AWS_ACCESS_KEY_ID="A...A" AWS_SECRET_ACCESS_KEY="I...t" AWS_DEFAULT_REGION="eu-west-1" ``` This errors with messages akin to "AWS was not able to validate the provided access credentials". Setting `AWS_SESSION_TOKEN` instead of `AWS_SECURITY_TOKEN` on the other hand works just fine and seems to be in line with what is suggested in the code: https://github.com/hashicorp/terraform/blob/d1ac7d3b2e1be2f32092275340f33a2d73f7b31a/vendor/github.com/aws/aws-sdk-go/aws/credentials/env_provider.go#L69, making this whole thing a documentation change. Happy to provide test cases or additional insights though!
|
My pleasure, @catsby! Thanks for the quick merge. |
ojongerius
added a commit
to atlassian/terraform
that referenced
this pull request
Sep 14, 2016
…ull_window * upstream/master: (31 commits) core: Log local overrides as INFO rather than WARN provider/aws: Retry resourceAwsLaunchConfigurationCreate if instance profile hasn't propagated (hashicorp#8813) changing AWS_SECURITY_TOKEN to AWS_SESSION_TOKEN (hashicorp#8816) Update ses_receipt_rule_set.html.markdown Warn when plugins are locally overridden Fix a typo in the output command examples aws_instance doc: fix attachment resource name Vendored WAF (hashicorp#8785) update github.com/hashicorp/go-getter Update CHANGELOG.md provider/azurerm: Removing the diagnostics part of the test from the azurerm virtual machine unattended acceptance test Update CHANGELOG.md Update CHANGELOG.md provider/aws: Removal of test for changes as it forces a new resource provider/aws: Allow `aws_alb` to have the name auto-generated Update CHANGELOG.md Remove Unused Log From CodeCommit Trigger Test provider/aws: Support Policy DiffSuppression in `aws_kms_key` policy Update CHANGELOG.md provider/cloudstack: fix vpc renaming (hashicorp#8784) ...
|
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further. |
ghost
locked and limited conversation to collaborators
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
I noticed that Terraform is not (anymore) parsing the value of environment variable
AWS_SECURITY_TOKEN(which was re-added in May 2015: #1785)Example ENV:
This errors with messages akin to "AWS was not able to validate the provided access credentials".
Setting
AWS_SESSION_TOKENinstead ofAWS_SECURITY_TOKENon the other hand works just fine and seems to be in line with what is suggested in the code:terraform/vendor/github.com/aws/aws-sdk-go/aws/credentials/env_provider.go
Line 69 in d1ac7d3
Happy to provide test cases or additional insights though!