Copilot-cli: Hangs when using a profile with a credential process

Created on 3 Apr 2020  路  3Comments  路  Source: aws/copilot-cli

What I did

Platform: Mac Mojave
CLI Version: v0.0.7

My default profile is configured with a credential_process (to pull credentials from our federation service).

I used ecs-preview init for the first time and followed the prompts. The flow did not prompt me for a profile. After the Created environment step, the prompts stopped and hanged. I interrupted the CLI and did ecs-preview deploy, saw the same behavior, but this time I let it sit until I saw an error, which was about 2 minutes later.

mactop % ecs-preview deploy
Only found one app, defaulting to: meshy
Only found one environment, defaulting to: test
Error: get ECR repository URI: ecr describe repository meshy/meshy: NoCredentialProviders: no valid providers in chain
caused by: EnvAccessKeyNotFound: failed to find credentials in the environment.
SharedCredsLoad: failed to load profile, .
EC2RoleRequestError: no EC2 instance role found
caused by: RequestError: send request failed
caused by: Get http://169.254.169.254/latest/meta-data/iam/security-credentials/: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)

SharedCredsLoad: failed to load profile, . misled me into believing it wasn't using the default profile and was looking up garbage.

What I expected

  1. It just works, like the AWS CLI, or
  2. It short circuits earlier, probably without trying to ping the EC2 metadata endpoint

What I tested

  • Setting a profile (using AWS_PROFILE as there doesn't seem to be a flag for deploy) to one that uses IAM user credentials. Success.
  • Setting to a different profile which also is configured with a credential_process. Failure.
  • Removing the credential_process from default and using IAM user creds. Success.

Possible action items

  • Fix profile handling
  • Allow selecting a profile universally instead of just init
  • Do not ping the EC2 instance metadata, at least by default (maybe you want this to work easier on Cloud9?). Here's seemingly how the CDK did it, to allow for a hybrid approach.
arecreds typbug
Source
picture efe-selcuk
👍3

All 3 comments

Thanks so much for the awesome feedback!

kohidave picture kohidave on 3 Apr 2020
👍1

Hey @efe-selcuk :wave: It's been a while :) but we reproduced the error and #1205 should fix it !

efekarakus picture efekarakus on 29 Jul 2020
👍1

The fix was released with v0.3.0!

efekarakus picture efekarakus on 14 Aug 2020
🎉1
Was this page helpful?
0 / 5 - 0 ratings

Related issues

iamhopaul123 picture iamhopaul123  路  3Comments
bvtujo picture bvtujo  路  3Comments
aviflax picture aviflax  路  4Comments
fullstackdev-online picture fullstackdev-online  路  3Comments
bpottier picture bpottier  路  3Comments