Boto3: Boto3 Session cannot find credentials in the environment, throws exception

Created on 16 Apr 2016  路  23Comments  路  Source: boto/boto3

Here is my code:

import os

import boto3

print os.environ
session = boto3.Session(region_name='us-east-1')

Here's the contents of os.environ, which get printed to the screen (with some variables stripped). Note that AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY are both present.

{
    'CIRCLE_BUILD_NUM': '93',
    'SSH_ASKPASS': 'false',
    'HOME': '/home/ubuntu',
    'CI_PULL_REQUESTS': '',
    'NVM_CD_FLAGS': '',
    'rvm_trust_rvmrcs_flag': '1',
    'CIRCLE_TEST_REPORTS': '/tmp/circle-junit.Kx9Hk38',
    'rvm_path': '/home/ubuntu/.rvm',
    'CIRCLE_USERNAME': '(stripped)',
    'RUBY_VERSION': 'ruby-1.9.3-p448',
    'SSH_CLIENT': '10.16.130.250 40127 22',
    'CIRCLE_REPOSITORY_URL': '(stripped)',
    'USER': 'ubuntu',
    'NVM_DIR': '/home/ubuntu/nvm',
    'M2': '/home/ubuntu/.m2/apache-maven-3.2.5/bin',
    'PATH': '/home/ubuntu/webhooks/venv/bin:/usr/local/heroku/bin:/opt/google-cloud-sdk/bin:/home/ubuntu/webhooks/venv/bin:/home/ubuntu/.pyenv/shims:/home/ubuntu/.pyenv/bin:/home/ubuntu/.local/bin:/home/ubuntu/.go_workspace/bin:/usr/local/go_workspace/bin:/usr/local/go/bin:/opt/ghc/7.6.3/bin:/opt/happy/1.19.3/bin:/opt/alex/3.1.3/bin:/opt/cabal/1.22/bin:/opt/google-cloud-sdk/bin:/home/ubuntu/.m2/apache-maven-3.2.5/bin:/home/ubuntu/nvm/v0.10.33/bin:/home/ubuntu/.phpenv/shims:/home/ubuntu/.phpenv/bin:/home/ubuntu/.rvm/gems/ruby-1.9.3-p448/bin:/home/ubuntu/.rvm/gems/ruby-1.9.3-p448@global/bin:/home/ubuntu/.rvm/rubies/ruby-1.9.3-p448/bin:/home/ubuntu/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/android-sdk-linux/tools:/usr/local/android-sdk-linux/platform-tools:/home/ubuntu/.rvm/bin:/home/ubuntu/.composer/vendor/bin:/usr/local/gradle-1.10/bin:/usr/local/heroku/bin:/home/ubuntu/.rvm/bin',
    'CIRCLE_PROJECT_USERNAME': '(stripped)',
    'PS1': '(venv)',
    'DISPLAY': ':99',
    'MAKEFLAGS': '',
    'CIRCLE_COMPARE_URL': '(stripped)',
    'NVM_BIN': '/home/ubuntu/nvm/v0.10.33/bin',
    'TERM': 'vt100',
    'SHELL': '/bin/bash',
    'CIRCLECI': 'true',
    'XDG_SESSION_COOKIE': '(stripped)',
    'PYENV_SHELL': 'bash',
    'RBENV_SHELL': 'bash',
    'SHLVL': '2',
    '_system_arch': 'x86_64',
    'rvm_gemset_create_on_use_flag': '1',
    'rvm_version': '1.26.10 (1.26.10)',
    '_system_name': 'Ubuntu',
    'MAVEN_OPTS': '-Xmx2048m',
    'NVM_PATH': '/home/ubuntu/nvm/v0.10.33/lib/node',
    'GIT_ASKPASS': 'echo',
    'CIRCLE_NODE_INDEX': '0',
    'CIRCLE_NODE_TOTAL': '1',
    'MANPATH': '/home/ubuntu/nvm/v0.10.33/share/man:/home/ubuntu/.rvm/rubies/ruby-1.9.3-p448/share/man:/usr/local/man:/usr/local/share/man:/usr/share/man:/home/ubuntu/.rvm/man',
    'GOPATH': '/home/ubuntu/.go_workspace:/usr/local/go_workspace',
    'CIRCLE_PREVIOUS_BUILD_NUM': '92',
    'M2_HOME': '/home/ubuntu/.m2/apache-maven-3.2.5',
    'JAVA_HOME': '/usr/lib/jvm/jdk1.7.0',
    'MFLAGS': '',
    'GEM_PATH': '/home/ubuntu/.rvm/gems/ruby-1.9.3-p448:/home/ubuntu/.rvm/gems/ruby-1.9.3-p448@global',
    'rvm_bin_path': '/home/ubuntu/.rvm/bin',
    'LANG': 'en_US.UTF-8',
    'CI': 'true',
    '_system_version': '12.04',
    'rvm_prefix': '/home/ubuntu',
    'LOGNAME': 'ubuntu',
    'CI_REPORTS': '/tmp/circle-junit.Kx9Hk38',
    'CIRCLE_SHA1': 'bd4cbd0943d1cde45abf6cacb580a3a389cc897a',
    'IRBRC': '/home/ubuntu/.rvm/rubies/ruby-1.9.3-p448/.irbrc',
    '_system_type': 'Linux',
    'MY_RUBY_HOME': '/home/ubuntu/.rvm/rubies/ruby-1.9.3-p448',
    'CI_PULL_REQUEST': '',
    'ANDROID_HOME': '/usr/local/android-sdk-linux',
    'AWS_ACCESS_KEY_ID': 'AKIA(stripped)',
    '_': '/home/ubuntu/webhooks/venv/bin/python',
    'ADB_INSTALL_TIMEOUT': '10',
    'CIRCLE_BUILD_URL': '(private)',
    'VIRTUAL_ENV': '/home/ubuntu/webhooks/venv',
    'NVM_IOJS_ORG_MIRROR': 'https://iojs.org/dist',
    'SSH_TTY': '/dev/pts/5',
    'OLDPWD': '/home/ubuntu/webhooks',
    'CIRCLE_PROJECT_REPONAME': 'webhooks',
    'ANDROID_NDK': '/usr/local/android-ndk',
    'CIRCLE_BRANCH': 'develop',
    'MAKELEVEL': '1',
    'PWD': '/home/ubuntu/webhooks/src',
    'CIRCLE_ARTIFACTS': '/tmp/circle-artifacts.Hk67jto',
    'AWS_SECRET_ACCESS_KEY': '(secret)',
    'MAIL': '/var/mail/ubuntu',
    'SSH_CONNECTION': '10.16.130.250 40127 10.0.3.193 22',
    'GEM_HOME': '/home/ubuntu/.rvm/gems/ruby-1.9.3-p448',
    'NVM_NODEJS_ORG_MIRROR': 'https://nodejs.org/dist'
}

However, the next line yields the following stack trace:

Traceback (most recent call last):
  File "deploy.py", line 11, in main
    session = boto3.Session(region_name='us-east-1')
  File "/home/ubuntu/webhooks/src/boto3/boto3/session.py", line 80, in __init__
    self._setup_loader()
  File "/home/ubuntu/webhooks/src/boto3/boto3/session.py", line 112, in _setup_loader
    self._loader = self._session.get_component('data_loader')
  File "/home/ubuntu/webhooks/src/botocore/session.py", line 687, in get_component
    return self._components.get_component(name)
  File "/home/ubuntu/webhooks/src/botocore/session.py", line 868, in get_component
    self._components[name] = factory()
  File "/home/ubuntu/webhooks/src/botocore/session.py", line 176, in <lambda>
    lambda:  create_loader(self.get_config_variable('data_path')))
  File "/home/ubuntu/webhooks/src/botocore/session.py", line 256, in get_config_variable
    elif self._found_in_config_file(methods, var_config):
  File "/home/ubuntu/webhooks/src/botocore/session.py", line 277, in _found_in_config_file
    return var_config[0] in self.get_scoped_config()
  File "/home/ubuntu/webhooks/src/botocore/session.py", line 339, in get_scoped_config
    profile_map = self._build_profile_map()
  File "/home/ubuntu/webhooks/src/botocore/session.py", line 211, in _build_profile_map
    self._profile_map = self.full_config['profiles']
  File "/home/ubuntu/webhooks/src/botocore/session.py", line 366, in full_config
    self._config = botocore.configloader.load_config(config_file)
  File "/home/ubuntu/webhooks/src/botocore/botocore/configloader.py", line 105, in load_config
    parsed = raw_config_parse(config_filename)
  File "/home/ubuntu/webhooks/src/botocore/botocore/configloader.py", line 126, in raw_config_parse
    raise botocore.exceptions.ConfigNotFound(path=path)
botocore.exceptions.ConfigNotFound: The specified config file (/home/ubuntu/.aws/config) could not be found.

I expect that boto3/botocore will be able to find my credentials in the environment. The documentation states they should be load-able from the environment:

Boto3 will check these environment variables for credentials:

AWS_ACCESS_KEY_ID
The access key for your AWS account.
AWS_SECRET_ACCESS_KEY
The secret key for your AWS account.
AWS_SESSION_TOKEN
The session key for your AWS account. This is only needed when you are using temporary credentials. > The AWS_SECURITY_TOKEN environment variable can also be used, but is only supported for backwards compatibility purposes. AWS_SESSION_TOKEN is supported by multiple AWS SDKs besides python.

I'm confused why this is occurring.

closing-soon confusing-error
Source
picture kevinburke
👍1

Most helpful comment

I still have this problem quite often. I'm using IAM roles, so I have no credentials file (only a .aws/config). I see it most often during runs of long multiprocessing jobs.

picture smstec on 21 Feb 2018
👍10

All 23 comments

I'm also getting this error if I attempt to pass the credentials in via the Session constructor.

    # https://github.com/boto/boto3/issues/598
    session = boto3.Session(region_name='us-east-1',
                            aws_access_key_id=os.environ['AWS_ACCESS_KEY_ID'],
                            aws_secret_access_key=os.environ['AWS_SECRET_ACCESS_KEY'])
kevinburke picture kevinburke on 18 Apr 2016

I've "solved" this problem by creating empty $HOME/.aws/config and $HOME/.aws/credentials files and now getting the following error message:

Traceback (most recent call last):
  File "deploy.py", line 43, in <module>
    main(args.realm)
  File "deploy.py", line 29, in main
    results = [client.update_function_code(FunctionName=arn, ZipFile=data) for arn in arns]
  File "/home/ubuntu/webhooks/src/botocore/botocore/client.py", line 236, in _api_call
    return self._make_api_call(operation_name, kwargs)
  File "/home/ubuntu/webhooks/src/botocore/botocore/client.py", line 489, in _make_api_call
    operation_model, request_dict)
  File "/home/ubuntu/webhooks/src/botocore/endpoint.py", line 117, in make_request
    return self._send_request(request_dict, operation_model)
  File "/home/ubuntu/webhooks/src/botocore/endpoint.py", line 146, in _send_request
    success_response, exception):
  File "/home/ubuntu/webhooks/src/botocore/endpoint.py", line 219, in _needs_retry
    caught_exception=caught_exception)
  File "/home/ubuntu/webhooks/src/botocore/botocore/hooks.py", line 226, in emit
    return self._emit(event_name, kwargs)
  File "/home/ubuntu/webhooks/src/botocore/botocore/hooks.py", line 209, in _emit
    response = handler(**kwargs)
  File "/home/ubuntu/webhooks/src/botocore/botocore/retryhandler.py", line 183, in __call__
    if self._checker(attempts, response, caught_exception):
  File "/home/ubuntu/webhooks/src/botocore/botocore/retryhandler.py", line 250, in __call__
    caught_exception)
  File "/home/ubuntu/webhooks/src/botocore/botocore/retryhandler.py", line 265, in _should_retry
    return self._checker(attempt_number, response, caught_exception)
  File "/home/ubuntu/webhooks/src/botocore/botocore/retryhandler.py", line 313, in __call__
    caught_exception)
  File "/home/ubuntu/webhooks/src/botocore/botocore/retryhandler.py", line 222, in __call__
    return self._check_caught_exception(attempt_number, caught_exception)
  File "/home/ubuntu/webhooks/src/botocore/botocore/retryhandler.py", line 355, in _check_caught_exception
    raise caught_exception
ValueError: You can only send PreparedRequests.
kevinburke picture kevinburke on 18 Apr 2016
👎2

I am running boto 1.3.0 though I have gone as far back as 1.1.4 and can still reproduce the last stack trace.

kevinburke picture kevinburke on 18 Apr 2016

Alright, this is wild... I had to install packages into --target directories so we can ship the source code to AWS. Unfortunately the machine is running an old version of pip which was vulnerable to this error: https://github.com/pypa/pip/issues/1489.

The PreparedRequest check fails because it's checking against a PreparedRequest in a different directory (in src/botocore/botocore/.../models.py instead of src/botocore/.../models.py). I'm assuming the configuration issue is related, though I haven't dug into exactly why this is occurring.

kevinburke picture kevinburke on 18 Apr 2016

FYI - I filed https://github.com/kennethreitz/requests/issues/3102 to fix Requests

kevinburke picture kevinburke on 18 Apr 2016

I'm hitting the same problem. Tried the same thing with empty config files, and then also filled config files. I also tried using the aws CLI from a shell script I called from python (with all the right environment variables).

@kevinburke Did you find a way to fix the problem?

hobofan picture hobofan on 21 Apr 2016

@hobofan so, I had two different copies of the library installed, one in src/botocore and one in src/botocore/botocore. I believe that was the cause of the problem.

I'm not sure though because I just worked around it by passing the env vars directly to Session via os.environ.

kevinburke picture kevinburke on 21 Apr 2016

@kevinburke Yeah, I also had multiple copies, but removing them, didn't really solve it.
I tried it with clean directories again, but in the end I am now working around it by handling that functionality in a Node.js lambda function of its own, since I wasn't able to find the right combination of workarounds in Python :/

hobofan picture hobofan on 21 Apr 2016

@hobofan What happens if you set up a virtualenv?

JordonPhillips picture JordonPhillips on 25 Apr 2016

This is rather confusing.
Are you using standard authentication ? Or are you using IAM roles / STS authentication.
I didn't encounter problem with typical AWS authentication.

commutecat picture commutecat on 26 Apr 2016

@JordonPhillips I haven't tried that, since I don't usually work in python and don't know how to use virtualenv. I might try that soon, but right now the workaround with the extra lambda function is working and I already spent too much time on a rather simple task due to this bug.

@commutecat I tried using both the Lambda execution role (by not providing any credentials to the Client) and using the credentials of a IAM user.

hobofan picture hobofan on 27 Apr 2016

I gave up on using anything but $HOME/.aws/config and $HOME/.aws/credentials files. It works both on Windows and Linux for me. Placing the values in environment variables does not work for me.

millerbryan picture millerbryan on 20 May 2016
👍2

@hobofan : virtualenv are recommended, even for cloud. One issue of python package is access without sudo, virtualenv allow you to do that. Also AWS resources has its own catch.

For aws credentials , the common mistake made for multiple profile is omitting the "profile" in the config 

#~/.aws/credential
[default] 
aws_access_key_id= ....
aws_secret_access_key=....

[superapp]
aws_access_key_id= ....
aws_secret_access_key=....

# The catch, 
#~/.aws/config
[default]
region = .....

# so the alternate profile, in the config, you must prefix it with profile , follow by space, then profile name
[profile superapp]
region = .....

Then calling alternate profile should be straightforward as shown in the API

boto3.session.Session( profile_name="superapp")
commutecat picture commutecat on 1 Jun 2016

Thanks @hobofan , I always use virtualenv but I was not using the session profile. That was omitted in the "getting started" page I've been referencing.

millerbryan picture millerbryan on 1 Jun 2016

FWIW, I had this problem and realized that it was because I switched to using Tox, but I neglected to place passenv = * in my tox.ini file.

kernelpanek-segfault picture kernelpanek-segfault on 16 Jun 2016
👍4

Is this still a problem for anyone or can it be closed?

grahamlyons picture grahamlyons on 19 Feb 2018

I think we all have workarounds but it would be nice if the "getting started" page was amended to be more clear on this topic. Just my two pfennig...

millerbryan picture millerbryan on 19 Feb 2018

I still have this problem quite often. I'm using IAM roles, so I have no credentials file (only a .aws/config). I see it most often during runs of long multiprocessing jobs.

smstec picture smstec on 21 Feb 2018
👍10

I recently started having this issue after version 1.7.x

tommyshere picture tommyshere on 19 May 2018
👍2

I have this problem in a flask app running on a docker container. The problem occurs when handling HTTP requests and when executing commands through flask-cli, but not when executing the exact same function from ipython or in a python script.

kccrouch picture kccrouch on 24 Aug 2018

I have this problem in a ansible task and "lookup env" works for me.
https://docs.ansible.com/ansible/2.6/plugins/lookup/env.html

nakayama-tap picture nakayama-tap on 11 Sep 2018

Following up on this issue. Is anyone still getting error? If yes, please reopen a new issue.

These are some documentation that might help:
https://boto3.amazonaws.com/v1/documentation/api/latest/guide/configuration.html
https://boto3.amazonaws.com/v1/documentation/api/latest/reference/core/session.html
https://aws.amazon.com/premiumsupport/knowledge-center/ec2-linux-python34-boto3/

swetashre picture swetashre on 27 Mar 2020

This issue has been automatically closed because there has been no response to our request for more information from the original author. With only the information that is currently in the issue, we don't have enough information to take action. Please reach out if you have or find the answers we need so that we can investigate further.

no-response[bot] picture no-response[bot] on 3 Apr 2020
Was this page helpful?
0 / 5 - 0 ratings

Related issues

leima965 picture leima965  路  3Comments
yannbriancon picture yannbriancon  路  3Comments
luistm picture luistm  路  3Comments
teran-mckinney picture teran-mckinney  路  3Comments
arnonki picture arnonki  路  3Comments