Packer: amazon-ebs: Uses the wrong credentials when using credential_source
Hi all,
I'm trying to create a packer image using amazon-ebs, however, packer is refusing to use the correct permissions when setting the profile parameter. My aws config is in the below gist. When running aws cli from the CLI, it uses the correct profile:
$ aws sts get-caller-identity --profile myprofile
{
"UserId": "<redacted>:botocore-session-1537008255",
"Account": "<redacted>",
"Arn": "arn:aws:sts::<redacted>:assumed-role/<redacted>/botocore-session-1537008255"
}
It seems the issue is caused in step_pre_validate.go and having looked at the code, it doesn't look like it's picking the correct session.
however, as you'll see from the gist, and the cloudwatch log entry, it is still using the original user (instead of the role profile is meant to assume).
Any ideas on how to solve this?
Version: Packer v1.3.0
Host platform: MacOS
Please see all details in this gist: https://gist.github.com/hoshsadiq/18f4ae539b15d65d1800f2f54558664e
hoshsadiq
👍2
All 13 comments
A more validating test would be:
$ aws ec2 describe-images --profile myprofile --filter <...>
rickard-von-essen
on 15 Sep 2018
Reading a bit, credential_source is not yet supported in _aws-sdk-go_. See aws/aws-sdk-go#1901. When the do a release with that we can update and this should work.
rickard-von-essen
on 15 Sep 2018
$ aws ec2 describe-images --region eu-west-1 --profile myprofile --query "sort_by(Images, &CreationDate)[-1]" --filters "Name=name,Values=myorg_base-windows-server-2016-core--encrypted"
{
...
}
Seems to work.
It's a shame that's not yet supported. For now I can work around it by manually assuming a role and exported the session details:
eval "$(aws sts assume-role \
--role-arn <myrole> \
--role-session-name <mysession> \
--output text \
--query 'Credentials.[
join(`=`, [`export AWS_ACCESS_KEY_ID`, AccessKeyId]),
join(`=`, [`export AWS_SECRET_ACCESS_KEY`, SecretAccessKey]),
join(`=`, [`export AWS_SESSION_TOKEN`, SessionToken])
] | join(`\n`, @)')"
packer build packer.json
👍1
Thanks for the workaround. We'll keep an eye on the upstream issue and update this ticket when it's fixed and we've incorporated the updated sdk.
SwampDragons
on 17 Sep 2018
👍2
https://github.com/aws/aws-sdk-go/pull/2201 got merged which adds support for credential_source
hoshsadiq
on 12 Oct 2018
@hoshsadiq It would be great if you could try if #6849 solves this.
rickard-von-essen
on 15 Oct 2018
I'd be happy to test but I'm away until the 22nd. will test it out then. Is there a binary I can use?
hoshsadiq
on 15 Oct 2018
SwampDragons
on 15 Oct 2018
I'm unable to get this to work with Packer v1.3.3 when using credential_source=EcsContainer.
For background, I'm running packer inside an AWS CodeBuild job which uses an ECS Container. I'm running the CodeBuild job in a parent account, but need packer to assume a role into a child account.
~/.aws/credentials does not exist
~/.aws/config contains:
[profile dev]
role_arn = arn:aws:iam::redacted:role/redacted-role
credential_source=EcsContainer
AWS_PROFILE=dev
aws sts get-caller-identity outputs the correct info
However, when running packer it's still using the role that the container is running as, and not assuming the AWS_PROFILE role from ~/.aws/config. I've also tried setting the amazon-ebs parameter "profile=dev", but it's still not using this profile. Any other suggestions, or should I fall back to using aws sts get-caller-identity to populate the credentials file?
sfdc-afraley
on 14 Dec 2018
@SwampDragons @rickard-von-essen this is still an issue. Same packer.json produces the following:
/tmp/test # PACKER_LOG=1 packer build packer.json
2018/12/26 23:32:06 [INFO] Packer version: 1.3.3
2018/12/26 23:32:06 Packer Target OS/Arch: linux amd64
2018/12/26 23:32:06 Built with Go Version: go1.11.2
2018/12/26 23:32:06 Detected home directory from env var: /root
2018/12/26 23:32:06 Using internal plugin for oneandone
2018/12/26 23:32:06 Using internal plugin for openstack
2018/12/26 23:32:06 Using internal plugin for oracle-oci
2018/12/26 23:32:06 Using internal plugin for profitbricks
2018/12/26 23:32:06 Using internal plugin for vmware-vmx
2018/12/26 23:32:06 Using internal plugin for amazon-instance
2018/12/26 23:32:06 Using internal plugin for hyperv-vmcx
2018/12/26 23:32:06 Using internal plugin for vmware-iso
2018/12/26 23:32:06 Using internal plugin for alicloud-ecs
2018/12/26 23:32:06 Using internal plugin for docker
2018/12/26 23:32:06 Using internal plugin for file
2018/12/26 23:32:06 Using internal plugin for hyperv-iso
2018/12/26 23:32:06 Using internal plugin for virtualbox-ovf
2018/12/26 23:32:06 Using internal plugin for azure-arm
2018/12/26 23:32:06 Using internal plugin for ncloud
2018/12/26 23:32:06 Using internal plugin for oracle-classic
2018/12/26 23:32:06 Using internal plugin for amazon-chroot
2018/12/26 23:32:06 Using internal plugin for amazon-ebssurrogate
2018/12/26 23:32:06 Using internal plugin for parallels-iso
2018/12/26 23:32:06 Using internal plugin for triton
2018/12/26 23:32:06 Using internal plugin for digitalocean
2018/12/26 23:32:06 Using internal plugin for lxd
2018/12/26 23:32:06 Using internal plugin for virtualbox-iso
2018/12/26 23:32:06 Using internal plugin for null
2018/12/26 23:32:06 Using internal plugin for parallels-pvm
2018/12/26 23:32:06 Using internal plugin for scaleway
2018/12/26 23:32:06 Using internal plugin for amazon-ebs
2018/12/26 23:32:06 Using internal plugin for cloudstack
2018/12/26 23:32:06 Using internal plugin for googlecompute
2018/12/26 23:32:06 Using internal plugin for hcloud
2018/12/26 23:32:06 Using internal plugin for lxc
2018/12/26 23:32:06 Using internal plugin for amazon-ebsvolume
2018/12/26 23:32:06 Using internal plugin for qemu
2018/12/26 23:32:06 Using internal plugin for salt-masterless
2018/12/26 23:32:06 Using internal plugin for windows-shell
2018/12/26 23:32:06 Using internal plugin for ansible-local
2018/12/26 23:32:06 Using internal plugin for chef-solo
2018/12/26 23:32:06 Using internal plugin for file
2018/12/26 23:32:06 Using internal plugin for powershell
2018/12/26 23:32:06 Using internal plugin for shell-local
2018/12/26 23:32:06 Using internal plugin for ansible
2018/12/26 23:32:06 Using internal plugin for breakpoint
2018/12/26 23:32:06 Using internal plugin for shell
2018/12/26 23:32:06 Using internal plugin for puppet-server
2018/12/26 23:32:06 Using internal plugin for windows-restart
2018/12/26 23:32:06 Using internal plugin for chef-client
2018/12/26 23:32:06 Using internal plugin for converge
2018/12/26 23:32:06 Using internal plugin for puppet-masterless
2018/12/26 23:32:06 Using internal plugin for manifest
2018/12/26 23:32:06 Using internal plugin for vagrant-cloud
2018/12/26 23:32:06 Using internal plugin for vsphere-template
2018/12/26 23:32:06 Using internal plugin for amazon-import
2018/12/26 23:32:06 Using internal plugin for checksum
2018/12/26 23:32:06 Using internal plugin for docker-save
2018/12/26 23:32:06 Using internal plugin for googlecompute-export
2018/12/26 23:32:06 Using internal plugin for artifice
2018/12/26 23:32:06 Using internal plugin for compress
2018/12/26 23:32:06 Using internal plugin for shell-local
2018/12/26 23:32:06 Using internal plugin for vsphere
2018/12/26 23:32:06 Using internal plugin for alicloud-import
2018/12/26 23:32:06 Using internal plugin for docker-push
2018/12/26 23:32:06 Using internal plugin for docker-tag
2018/12/26 23:32:06 Using internal plugin for vagrant
2018/12/26 23:32:06 Using internal plugin for docker-import
2018/12/26 23:32:06 Using internal plugin for googlecompute-import
2018/12/26 23:32:06 Detected home directory from env var: /root
2018/12/26 23:32:06 Attempting to open config file: /root/.packerconfig
2018/12/26 23:32:06 [WARN] Config file doesn't exist: /root/.packerconfig
2018/12/26 23:32:06 Packer config: &{DisableCheckpoint:false DisableCheckpointSignature:false PluginMinPort:10000 PluginMaxPort:25000 Builders:map[file:/usr/local/bin/packer-PACKERSPACE-plugin-PACKERSPACE-packer-builder-file googlecompute:/usr/local/bin/packer-PACKERSPACE-plugin-PACKERSPACE-packer-builder-googlecompute profitbricks:/usr/local/bin/packer-PACKERSPACE-plugin-PACKERSPACE-packer-builder-profitbricks oracle-classic:/usr/local/bin/packer-PACKERSPACE-plugin-PACKERSPACE-packer-builder-oracle-classic digitalocean:/usr/local/bin/packer-PACKERSPACE-plugin-PACKERSPACE-packer-builder-digitalocean lxc:/usr/local/bin/packer-PACKERSPACE-plugin-PACKERSPACE-packer-builder-lxc vmware-iso:/usr/local/bin/packer-PACKERSPACE-plugin-PACKERSPACE-packer-builder-vmware-iso parallels-iso:/usr/local/bin/packer-PACKERSPACE-plugin-PACKERSPACE-packer-builder-parallels-iso triton:/usr/local/bin/packer-PACKERSPACE-plugin-PACKERSPACE-packer-builder-triton lxd:/usr/local/bin/packer-PACKERSPACE-plugin-PACKERSPACE-packer-builder-lxd oracle-oci:/usr/local/bin/packer-PACKERSPACE-plugin-PACKERSPACE-packer-builder-oracle-oci null:/usr/local/bin/packer-PACKERSPACE-plugin-PACKERSPACE-packer-builder-null vmware-vmx:/usr/local/bin/packer-PACKERSPACE-plugin-PACKERSPACE-packer-builder-vmware-vmx docker:/usr/local/bin/packer-PACKERSPACE-plugin-PACKERSPACE-packer-builder-docker hyperv-iso:/usr/local/bin/packer-PACKERSPACE-plugin-PACKERSPACE-packer-builder-hyperv-iso amazon-ebssurrogate:/usr/local/bin/packer-PACKERSPACE-plugin-PACKERSPACE-packer-builder-amazon-ebssurrogate virtualbox-iso:/usr/local/bin/packer-PACKERSPACE-plugin-PACKERSPACE-packer-builder-virtualbox-iso amazon-ebsvolume:/usr/local/bin/packer-PACKERSPACE-plugin-PACKERSPACE-packer-builder-amazon-ebsvolume amazon-instance:/usr/local/bin/packer-PACKERSPACE-plugin-PACKERSPACE-packer-builder-amazon-instance azure-arm:/usr/local/bin/packer-PACKERSPACE-plugin-PACKERSPACE-packer-builder-azure-arm scaleway:/usr/local/bin/packer-PACKERSPACE-plugin-PACKERSPACE-packer-builder-scaleway cloudstack:/usr/local/bin/packer-PACKERSPACE-plugin-PACKERSPACE-packer-builder-cloudstack hcloud:/usr/local/bin/packer-PACKERSPACE-plugin-PACKERSPACE-packer-builder-hcloud qemu:/usr/local/bin/packer-PACKERSPACE-plugin-PACKERSPACE-packer-builder-qemu alicloud-ecs:/usr/local/bin/packer-PACKERSPACE-plugin-PACKERSPACE-packer-builder-alicloud-ecs hyperv-vmcx:/usr/local/bin/packer-PACKERSPACE-plugin-PACKERSPACE-packer-builder-hyperv-vmcx amazon-chroot:/usr/local/bin/packer-PACKERSPACE-plugin-PACKERSPACE-packer-builder-amazon-chroot amazon-ebs:/usr/local/bin/packer-PACKERSPACE-plugin-PACKERSPACE-packer-builder-amazon-ebs openstack:/usr/local/bin/packer-PACKERSPACE-plugin-PACKERSPACE-packer-builder-openstack virtualbox-ovf:/usr/local/bin/packer-PACKERSPACE-plugin-PACKERSPACE-packer-builder-virtualbox-ovf ncloud:/usr/local/bin/packer-PACKERSPACE-plugin-PACKERSPACE-packer-builder-ncloud parallels-pvm:/usr/local/bin/packer-PACKERSPACE-plugin-PACKERSPACE-packer-builder-parallels-pvm oneandone:/usr/local/bin/packer-PACKERSPACE-plugin-PACKERSPACE-packer-builder-oneandone] PostProcessors:map[manifest:/usr/local/bin/packer-PACKERSPACE-plugin-PACKERSPACE-packer-post-processor-manifest vsphere-template:/usr/local/bin/packer-PACKERSPACE-plugin-PACKERSPACE-packer-post-processor-vsphere-template checksum:/usr/local/bin/packer-PACKERSPACE-plugin-PACKERSPACE-packer-post-processor-checksum vagrant-cloud:/usr/local/bin/packer-PACKERSPACE-plugin-PACKERSPACE-packer-post-processor-vagrant-cloud artifice:/usr/local/bin/packer-PACKERSPACE-plugin-PACKERSPACE-packer-post-processor-artifice amazon-import:/usr/local/bin/packer-PACKERSPACE-plugin-PACKERSPACE-packer-post-processor-amazon-import docker-save:/usr/local/bin/packer-PACKERSPACE-plugin-PACKERSPACE-packer-post-processor-docker-save googlecompute-export:/usr/local/bin/packer-PACKERSPACE-plugin-PACKERSPACE-packer-post-processor-googlecompute-export compress:/usr/local/bin/packer-PACKERSPACE-plugin-PACKERSPACE-packer-post-processor-compress shell-local:/usr/local/bin/packer-PACKERSPACE-plugin-PACKERSPACE-packer-post-processor-shell-local alicloud-import:/usr/local/bin/packer-PACKERSPACE-plugin-PACKERSPACE-packer-post-processor-alicloud-import docker-tag:/usr/local/bin/packer-PACKERSPACE-plugin-PACKERSPACE-packer-post-processor-docker-tag googlecompute-import:/usr/local/bin/packer-PACKERSPACE-plugin-PACKERSPACE-packer-post-processor-googlecompute-import vsphere:/usr/local/bin/packer-PACKERSPACE-plugin-PACKERSPACE-packer-post-processor-vsphere docker-push:/usr/local/bin/packer-PACKERSPACE-plugin-PACKERSPACE-packer-post-processor-docker-push vagrant:/usr/local/bin/packer-PACKERSPACE-plugin-PACKERSPACE-packer-post-processor-vagrant docker-import:/usr/local/bin/packer-PACKERSPACE-plugin-PACKERSPACE-packer-post-processor-docker-import] Provisioners:map[ansible:/usr/local/bin/packer-PACKERSPACE-plugin-PACKERSPACE-packer-provisioner-ansible puppet-masterless:/usr/local/bin/packer-PACKERSPACE-plugin-PACKERSPACE-packer-provisioner-puppet-masterless file:/usr/local/bin/packer-PACKERSPACE-plugin-PACKERSPACE-packer-provisioner-file shell-local:/usr/local/bin/packer-PACKERSPACE-plugin-PACKERSPACE-packer-provisioner-shell-local shell:/usr/local/bin/packer-PACKERSPACE-plugin-PACKERSPACE-packer-provisioner-shell converge:/usr/local/bin/packer-PACKERSPACE-plugin-PACKERSPACE-packer-provisioner-converge puppet-server:/usr/local/bin/packer-PACKERSPACE-plugin-PACKERSPACE-packer-provisioner-puppet-server chef-client:/usr/local/bin/packer-PACKERSPACE-plugin-PACKERSPACE-packer-provisioner-chef-client ansible-local:/usr/local/bin/packer-PACKERSPACE-plugin-PACKERSPACE-packer-provisioner-ansible-local chef-solo:/usr/local/bin/packer-PACKERSPACE-plugin-PACKERSPACE-packer-provisioner-chef-solo powershell:/usr/local/bin/packer-PACKERSPACE-plugin-PACKERSPACE-packer-provisioner-powershell breakpoint:/usr/local/bin/packer-PACKERSPACE-plugin-PACKERSPACE-packer-provisioner-breakpoint windows-restart:/usr/local/bin/packer-PACKERSPACE-plugin-PACKERSPACE-packer-provisioner-windows-restart salt-masterless:/usr/local/bin/packer-PACKERSPACE-plugin-PACKERSPACE-packer-provisioner-salt-masterless windows-shell:/usr/local/bin/packer-PACKERSPACE-plugin-PACKERSPACE-packer-provisioner-windows-shell]}
2018/12/26 23:32:06 Detected home directory from env var: /root
2018/12/26 23:32:06 Setting cache directory: /tmp/test/packer_cache
2018/12/26 23:32:06 Detected home directory from env var: /root
2018/12/26 23:32:06 Loading builder: amazon-ebs
2018/12/26 23:32:06 Plugin could not be found. Checking same directory as executable.
2018/12/26 23:32:06 Current exe path: /usr/local/bin/packer
2018/12/26 23:32:06 Creating plugin client for path: /usr/local/bin/packer
2018/12/26 23:32:06 Starting plugin: /usr/local/bin/packer []string{"/usr/local/bin/packer", "plugin", "packer-builder-amazon-ebs"}
2018/12/26 23:32:06 Waiting for RPC address for: /usr/local/bin/packer
2018/12/26 23:32:06 packer: 2018/12/26 23:32:06 [INFO] Packer version: 1.3.3
2018/12/26 23:32:06 packer: 2018/12/26 23:32:06 Packer Target OS/Arch: linux amd64
2018/12/26 23:32:06 packer: 2018/12/26 23:32:06 Built with Go Version: go1.11.2
2018/12/26 23:32:06 packer: 2018/12/26 23:32:06 Detected home directory from env var: /root
2018/12/26 23:32:06 packer: 2018/12/26 23:32:06 Attempting to open config file: /root/.packerconfig
2018/12/26 23:32:06 packer: 2018/12/26 23:32:06 [WARN] Config file doesn't exist: /root/.packerconfig
2018/12/26 23:32:06 packer: 2018/12/26 23:32:06 Packer config: &{DisableCheckpoint:false DisableCheckpointSignature:false PluginMinPort:10000 PluginMaxPort:25000 Builders:map[] PostProcessors:map[] Provisioners:map[]}
2018/12/26 23:32:06 packer: 2018/12/26 23:32:06 Detected home directory from env var: /root
2018/12/26 23:32:06 packer: 2018/12/26 23:32:06 Setting cache directory: /tmp/test/packer_cache
2018/12/26 23:32:06 packer: 2018/12/26 23:32:06 args: []string{"packer-builder-amazon-ebs"}
2018/12/26 23:32:06 packer: 2018/12/26 23:32:06 Detected home directory from env var: /root
2018/12/26 23:32:06 packer: 2018/12/26 23:32:06 Plugin minimum port: 10000
2018/12/26 23:32:06 packer: 2018/12/26 23:32:06 Plugin maximum port: 25000
2018/12/26 23:32:06 packer: 2018/12/26 23:32:06 Plugin address: unix /tmp/packer-plugin998963968
2018/12/26 23:32:06 packer: 2018/12/26 23:32:06 Waiting for connection...
2018/12/26 23:32:06 packer: 2018/12/26 23:32:06 Serving a plugin connection...
2018/12/26 23:32:06 Loading provisioner: powershell
2018/12/26 23:32:06 Plugin could not be found. Checking same directory as executable.
2018/12/26 23:32:06 Current exe path: /usr/local/bin/packer
2018/12/26 23:32:06 Creating plugin client for path: /usr/local/bin/packer
2018/12/26 23:32:06 Starting plugin: /usr/local/bin/packer []string{"/usr/local/bin/packer", "plugin", "packer-provisioner-powershell"}
2018/12/26 23:32:06 Waiting for RPC address for: /usr/local/bin/packer
2018/12/26 23:32:06 packer: 2018/12/26 23:32:06 [INFO] Packer version: 1.3.3
2018/12/26 23:32:06 packer: 2018/12/26 23:32:06 Packer Target OS/Arch: linux amd64
2018/12/26 23:32:06 packer: 2018/12/26 23:32:06 Built with Go Version: go1.11.2
2018/12/26 23:32:06 packer: 2018/12/26 23:32:06 Detected home directory from env var: /root
2018/12/26 23:32:06 packer: 2018/12/26 23:32:06 Attempting to open config file: /root/.packerconfig
2018/12/26 23:32:06 packer: 2018/12/26 23:32:06 [WARN] Config file doesn't exist: /root/.packerconfig
2018/12/26 23:32:06 packer: 2018/12/26 23:32:06 Packer config: &{DisableCheckpoint:false DisableCheckpointSignature:false PluginMinPort:10000 PluginMaxPort:25000 Builders:map[] PostProcessors:map[] Provisioners:map[]}
2018/12/26 23:32:06 packer: 2018/12/26 23:32:06 Detected home directory from env var: /root
2018/12/26 23:32:06 packer: 2018/12/26 23:32:06 Setting cache directory: /tmp/test/packer_cache
2018/12/26 23:32:06 packer: 2018/12/26 23:32:06 args: []string{"packer-provisioner-powershell"}
2018/12/26 23:32:06 packer: 2018/12/26 23:32:06 Plugin minimum port: 10000
2018/12/26 23:32:06 packer: 2018/12/26 23:32:06 Plugin maximum port: 25000
2018/12/26 23:32:06 packer: 2018/12/26 23:32:06 Detected home directory from env var: /root
2018/12/26 23:32:06 packer: 2018/12/26 23:32:06 Plugin address: unix /tmp/packer-plugin849392025
2018/12/26 23:32:06 packer: 2018/12/26 23:32:06 Waiting for connection...
2018/12/26 23:32:06 packer: 2018/12/26 23:32:06 Serving a plugin connection...
2018/12/26 23:32:06 Build debug mode: false
2018/12/26 23:32:06 Force build: false
2018/12/26 23:32:06 On error:
2018/12/26 23:32:06 Preparing build: amazon-ebs
amazon-ebs output will be in this color.
2018/12/26 23:32:06 Waiting on builds to complete...
2018/12/26 23:32:06 Starting build run: amazon-ebs
2018/12/26 23:32:06 Running builder: amazon-ebs
2018/12/26 23:32:06 [INFO] (telemetry) Starting builder amazon-ebs
2018/12/26 23:32:06 packer: 2018/12/26 23:32:06 Found region eu-west-1
2018/12/26 23:32:06 packer: 2018/12/26 23:32:06 [INFO] AWS Auth provider used: "EnvConfigCredentials"
2018/12/26 23:32:06 [INFO] (telemetry) ending amazon-ebs
2018/12/26 23:32:06 ui error: Build 'amazon-ebs' errored: error validating regions: UnauthorizedOperation: You are not authorized to perform this operation.
status code: 403, request id: 8fca6124-c3df-1cae-f426-24d43f7bde13
2018/12/26 23:32:06 Builds completed. Waiting on interrupt barrier...
2018/12/26 23:32:06 machine readable: error-count []string{"1"}
2018/12/26 23:32:06 ui error:
==> Some builds didn't complete successfully and had errors:
2018/12/26 23:32:06 machine readable: amazon-ebs,error []string{"error validating regions: UnauthorizedOperation: You are not authorized to perform this operation.\n\tstatus code: 403, request id: 8fca6124-c3df-1cae-f426-24d43f7bde13"}
2018/12/26 23:32:06 ui error: --> amazon-ebs: error validating regions: UnauthorizedOperation: You are not authorized to perform this operation.
status code: 403, request id: 8fca6124-c3df-1cae-f426-24d43f7bde13
==> Builds finished but no artifacts were created.
2018/12/26 23:32:06 [INFO] (telemetry) Finalizing.
Build 'amazon-ebs' errored: error validating regions: UnauthorizedOperation: You are not authorized to perform this operation.
status code: 403, request id: 8fca6124-c3df-1cae-f426-24d43f7bde13
==> Some builds didn't complete successfully and had errors:
--> amazon-ebs: error validating regions: UnauthorizedOperation: You are not authorized to perform this operation.
status code: 403, request id: 8fca6124-c3df-1cae-f426-24d43f7bde13
==> Builds finished but no artifacts were created.
2018/12/26 23:32:06 waiting for all plugin processes to complete...
2018/12/26 23:32:06 /usr/local/bin/packer: plugin process exited
2018/12/26 23:32:06 /usr/local/bin/packer: plugin process exited
Interestingly it seems to be selecting the correct place to load the credentials.
2018/12/26 23:32:06 packer: 2018/12/26 23:32:06 [INFO] AWS Auth provider used: "EnvConfigCredentials"
Looking at CloudTrail, it's showing error in the account is origin (before assuming the role)
hoshsadiq
on 27 Dec 2018
@sfdc-afraley as @rickard-von-essen has previously mentioned, a better test would be:
aws ec2 describe-images --profile dev --filter <...>
Until it's fixed, I'd suggest simply using sts to assume the role first
hoshsadiq
on 27 Dec 2018
See #7142
rickard-von-essen
on 27 Dec 2018
I'm going to lock this issue because it has been closed for _30 days_ โณ. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.
![hashibot[bot] picture](https://avatars2.githubusercontent.com/in/8332?v=4&s=40)
hashibot[bot]
on 30 Mar 2020
Was this page helpful?
0 / 5 - 0 ratings
Related issues
s4mur4i
ยท
3Comments
Nikoos
ยท
3Comments
brettswift
ยท
3Comments
mwhooker
ยท
3Comments
DanielBo
ยท
3Comments
Most helpful comment
Thanks for the workaround. We'll keep an eye on the upstream issue and update this ticket when it's fixed and we've incorporated the updated sdk.