Packer: profile option missing from AWS builders docs

Created on 10 May 2017  ·  14 Comments  ·  Source: hashicorp/packer

See https://github.com/hashicorp/packer/issues/4553 and https://github.com/hashicorp/packer/issues/2471.

profile appears to be a valid configuration parameter for AWS builders, which will use that named profile from the AWS credentials file. But it is still not documented in https://www.packer.io/docs/builders/amazon.html


All 14 comments

Actually it doesn't work for me, despite this comment. Packer 1.0.0:

$ grep -A2 myprofile ~/.aws/credentials 
[myprofile]
aws_access_key_id = ...
aws_secret_access_key = ...

$ grep -B3 profile base.json 
  "builders": [
    {
      "type": "amazon-ebs",
      "profile": "myprofile",
...

$ packer build base.json
amazon-ebs output will be in this color.

Build 'amazon-ebs' errored: Get http://169.254.169.254/latest/meta-data/placement/availability-zone: dial tcp 169.254.169.254:80: i/o timeout

==> Some builds didn't complete successfully and had errors:
--> amazon-ebs: Get http://169.254.169.254/latest/meta-data/placement/availability-zone: dial tcp 169.254.169.254:80: i/o timeout

==> Builds finished but no artifacts were created.
$

AWS_PROFILE does not appear to work either, despite being documented in https://www.packer.io/docs/builders/amazon.html

$ AWS_PROFILE=myprofile packer build -debug base.json
Debug mode enabled. Builds will not be parallelized.
amazon-ebs output will be in this color.

Build 'amazon-ebs' errored: Get http://169.254.169.254/latest/meta-data/placement/availability-zone: dial tcp 169.254.169.254:80: i/o timeout

==> Some builds didn't complete successfully and had errors:
--> amazon-ebs: Get http://169.254.169.254/latest/meta-data/placement/availability-zone: dial tcp 169.254.169.254:80: i/o timeout

==> Builds finished but no artifacts were created.

Note that -debug doesn't provide any information regarding credential lookup in either case.

I certainly agree with the initial description.

But for the two other comments, can you provide a minimal template JSON and gist the PACKER_LOG=1 packer build template.json output when you run that? I'm very sure it works, so there is something else wrong.

@rickard-von-essen thanks for the reply.

https://gist.github.com/jrynyt/50ee5bac1244314f3797ce39dce6fc45

@jrynyt cat ~/.aws/config

@rickard-von-essen I think I am running into this as well.

I think Packer is hitting the ~/.aws/config first and failing when you don't have it (or failing when the profile you specify isn't in there) instead of continuing on to use/check ~/.aws/credentials.

@jrynyt's initial message stated he was using ~/.aws/credentials (I am as well). Not sure why his is failing on the metadata service but mine is failing on finding the profile in config.

Without ~/.aws/config

 λ  vagrant@vagrant  /vagrant  ✘   packer build centos-6.json
amazon-ebs output will be in this color.

Build 'amazon-ebs' errored: open /home/vagrant/.aws/config: no such file or directory

==> Some builds didn't complete successfully and had errors:
--> amazon-ebs: open /home/vagrant/.aws/config: no such file or directory

==> Builds finished but no artifacts were created.

With ~/.aws/config but without any profiles defined

 λ  vagrant@vagrant  /vagrant  ✘   packer build centos-6.json
amazon-ebs output will be in this color.

Build 'amazon-ebs' errored: error when getting section: section 'profile jnprx' not exists

==> Some builds didn't complete successfully and had errors:
--> amazon-ebs: error when getting section: section 'profile jnprx' not exists

==> Builds finished but no artifacts were created.

I think one of the other issues I had seen about this, #2471, was making references to the fact that the Go SDK was handling this, so it might not be up to Packer, but at least with boto3 you are not required to have ~/.aws/config defined if you are using ~/.aws/credentials. The failure seems to be that it doesn't skip ~/.aws/config if it isn't available or filled out with the profile you're trying to use.

If I have the profile name defined in ~/.aws/config (with no actual credentials)

[profile example]

And then my actual credentials in ~/.aws/credentials

[example]
output = json
region = us-west-2
aws_access_key_id = CXXXXXX
aws_secret_access_key = TXXXX

Packer works.

The test from the gist had an empty ~/.aws/config, but even with this, the result is the same:

$ cat ~/.aws/config 
[packertest]
region = us-east-1

I use the env AWS_PROFILE all the time with packer. Been working fine. I avoid baking any aws config or credential options into my packer templates at all costs. Too easy to commit them accidentally into source control.

~/.aws/config should look like:

[profile packertest]
region = us-east-1

Gotcha, that fixed it.

I've always only ever used ~/.aws/credentials with various tools and have never had a problem.

According to http://docs.aws.amazon.com/cli/latest/userguide/cli-config-files.html "If you want to keep all of your profile settings in a single file, you can."

and

~/.aws/config

[default]
region=us-west-2
output=json

not [profile default]

What I had been trying to mention is that, at least with other tools using boto/boto3, I've never been required to have the ~/.aws/config file when I have been using ~/.aws/credentials.

@jrynyt Default is [default] and profile X is [profile X].
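
The section-naming rule discussed in this thread, as an added example that is not part of the original discussion and is not Packer's or the AWS SDK's own code: a small Python check that reports when a profile's section is misnamed in either file. The function name `check_profile`, the finding strings and the sample file contents are constructed for illustration.

```python
import configparser

REQUIRED_KEYS = ("aws_access_key_id", "aws_secret_access_key")

def _sections(text):
    """Parse INI text into {section: {key: value}} without interpolation."""
    cp = configparser.RawConfigParser(default_section="__unused__")
    cp.read_string(text)
    return {name: dict(cp[name]) for name in cp.sections()}

def check_profile(name, config_text, credentials_text):
    """Return findings for profile `name`; key values are never echoed."""
    findings = []
    # ~/.aws/config: [default] for the default profile, [profile X] otherwise.
    want = "default" if name == "default" else f"profile {name}"
    if config_text is None:
        # The thread reports Packer 1.0.0 erroring when this file is absent.
        findings.append("config: file missing")
    else:
        config = _sections(config_text)
        if want not in config:
            hint = f"[{name}] should be [{want}]" if name in config else f"no [{want}] section"
            findings.append(f"config: {hint}")
    # ~/.aws/credentials: the bare profile name, never a "profile " prefix.
    creds = _sections(credentials_text or "")
    if name not in creds:
        hint = (f"[profile {name}] should be [{name}]"
                if f"profile {name}" in creds else f"no [{name}] section")
        findings.append(f"credentials: {hint}")
    else:
        missing = [k for k in REQUIRED_KEYS if k not in creds[name]]
        if missing:
            findings.append(f"credentials: [{name}] lacks {', '.join(missing)}")
    return findings

# Constructed sample inputs mirroring the files quoted in the thread.
BAD_CONFIG = "[packertest]\nregion = us-east-1\n"
GOOD_CONFIG = "[profile packertest]\nregion = us-east-1\n"
CREDS = ("[packertest]\n"
         "aws_access_key_id = EXAMPLEKEYID\n"
         "aws_secret_access_key = EXAMPLESECRET\n")

if __name__ == "__main__":
    print(check_profile("packertest", BAD_CONFIG, CREDS))
    print(check_profile("packertest", GOOD_CONFIG, CREDS))
```

To run it against real files, pass the text of `~/.aws/config` (or `None` if the file does not exist) and of `~/.aws/credentials`; only section and key names appear in the findings, so the output is safe to paste into a bug report.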

I'm going through old issues and it appears that this is now documented: https://www.packer.io/docs/builders/amazon-ebs.html#profile

So I'm closing. If folks are still having trouble using AWS profiles, open a new issue :)
