Packer: Use of AWS credentials profile ignored

Created on 20 Mar 2019  ·  14 Comments  ·  Source: hashicorp/packer

The AWS profile option is not working on Packer even when doing things according to the documentation.

packer.json snippet:

    {
      "name": "test_ami",
      "source_ami": "{{ user `eks_source_ami` }}",
      "ami_name": "test_ami.{{ isotime \"2006-01-02T03.04\" }}",
      "type": "amazon-ebs",
      "profile": "production",

That does not work. I've also tried setting AWS_PROFILE in my environment variables, and that doesn't work either.

    AWS_PROFILE=production packer build packer.json

Here's my ~/.aws/credentials

    [production]
    AWS_ACCESS_KEY_ID=access_key_redacted
    AWS_SECRET_ACCESS_KEY=secret_key_redacted

Here's my ~/.aws/config

    [profile production]
    output = json
    region = us-east-1

Is this related to the same problem Terraform has https://github.com/hashicorp/terraform/issues/18402 ?

All 14 comments

This for sure works. What's the output of:

    printenv | egrep "^AWS_.*" | cut -d= -f1

It's empty output @rickard-von-essen

    guido@ubuntu ~ printenv | egrep "^AWS_.*" | cut -d= -f1
    guido@ubuntu ~

After a bit of tinkering, I found that you can't capitalize

    AWS_ACCESS_KEY_ID=access_key_redacted
    AWS_SECRET_ACCESS_KEY=secret_key_redacted

Switch it to

    aws_access_key_id = <redacted>
    aws_secret_access_key = <redacted>

and you'll be good to go.

My ~/.aws/credentials file looks like this:

    [default]
    aws_access_key_id = <redacted>
    aws_secret_access_key = <redacted>
    [master]
    aws_access_key_id = <redacted>
    aws_secret_access_key = <redacted>
    [staging]
    aws_access_key_id = <redacted>
    aws_secret_access_key = <redacted>

When I use AWS_PROFILE=master packer build <my_packer_file>, it ignores that profile and my build fails.

When I delete all other keys except [master] and change it to [default], it works.

What am I doing wrong here?

packer v1.4.3

I think it is because your ~/.aws/config is missing:

    [profile master]
    [profile staging]

Try to use aws --profile master configure to set your credentials.

Strange, it seems to be there:

    heisian@local:~ $ cat ~/.aws/config
    [default]
    region = us-east-1
    [profile master]
    region = us-east-1
    [profile staging]

yep, still doesn't work for me :\

Ran this just in case:

    heisian@local:/Volumes/Case-Sensitive/stack/packer/jenkins-node
     [heisian/jenkins-node|✔] ▷ aws --profile master configure
    AWS Access Key ID [****************GS6K]:
    AWS Secret Access Key [****************23vo]:
    Default region name [us-east-1]:

(pressed enter on all to keep current values)

Still does not work

What's printenv | grep AWS_

(after running export AWS_PROFILE=master in order to run packer)

    heisian@local:/Volumes/Case-Sensitive/stack/packer/jenkins-node
     [heisian/jenkins-node|✔] ▷ printenv | grep AWS_
    AWS_PROFILE=master

I'm having this exact problem, but only with amazon-ebs. Other amazon builders I've used properly detect profile, but I finally realized that the reason I couldn't find any images was that it was picking up on default which was the wrong profile. I deleted default, and then amazon-ebs hung up and eventually told me

    Build 'amazon-ebs' errored: No valid credential sources found for AWS Builder. Please see https://www.packer.io/docs/builders/amazon.html#specifying-amazon-credentials for more information on providing credentials for the AWS Builder.

Exact same var file that set the var to use in the amazon-import builder works great.

I did manage to get it to work by setting AWS_PROFILE though, unlike the previous reporter.

Packer 1.4.3.

    {
        "variables": {
            "aws_build_region": "ca-central-1",
            "aws_dest_regions": "ca-central-1,eu-west-1,ap-southeast-1",
            "aws_ami_name":     "redacted-{{timestamp}}",
            "aws_src_image":    "other-redacted-*",
            "ssh_user":         "centos"
        },
        "builders": [
            {
                "ami_name":      "{{user `aws_ami_name`}}",
                "instance_type": "t2.micro",
                "region":        "{{user `aws_build_region`}}",
                "ami_regions":   "{{user `aws_dest_regions`}}",
                "profile":       "{{user `amazon_profile`}}",
                "source_ami_filter": {
                  "filters": {
                    "virtualization-type": "hvm",
                    "name":                "{{user `aws_src_image`}}",
                    "root-device-type":    "ebs"
                  },
                  "owners":      ["{{user `aws_owner_id`}}"],
                  "most_recent": true
                },
                "ssh_username":  "{{user `ssh_user`}}",
                "type":          "amazon-ebs"
            }
        ],
        "provisioners": [
            {
                "type":          "ansible",
                "playbook_file": "./update-image.yml"
            }
        ]
    }

I include a -var-file=foo.json which contains

    {
      "aws_profile": "the string from .aws/credentials",
      "aws_owner_id": "nnnnn number copied right from the console"
    }

It hangs for quite some time when there's no default section before dying.

I found out what my issue was: my build.json was configured to use a specific profile ("profile": "default"), and that takes precedence over AWS_PROFILE. Once I removed the line everything was fine.
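The two causes reported in this thread (capitalized key names in `~/.aws/credentials`, and a `"profile"` in the template taking precedence over `AWS_PROFILE`) can both be checked before a build, so that an image is not built with the wrong account's credentials. The following is an added example, not part of the original thread and not Packer's code; the function names and sample data are hypothetical, and it models only the shared credentials file, not the rest of the AWS credential chain.

```python
import configparser
import json

REQUIRED = ("aws_access_key_id", "aws_secret_access_key")

def effective_profile(builder, env):
    # Per the thread: "profile" in the template wins over AWS_PROFILE.
    # Assumption: with neither set, the [default] section is used.
    return builder.get("profile") or env.get("AWS_PROFILE") or "default"

def lint_credentials(text, profile):
    """List problems with one profile; reports key names only, never values."""
    parser = configparser.RawConfigParser()
    parser.optionxform = str  # configparser lowercases keys unless told not to
    parser.read_string(text)
    if not parser.has_section(profile):
        return [f"no [{profile}] section in credentials file"]
    keys = parser.options(profile)
    problems = []
    for want in REQUIRED:
        if want not in keys:
            wrong = [k for k in keys if k.lower() == want]
            problems.append(f"[{profile}] {wrong[0]} must be lowercase" if wrong
                            else f"[{profile}] missing {want}")
    return problems

def preflight(template_text, env, credentials_text):
    """Map each amazon-* builder to (effective profile, list of problems)."""
    report = {}
    for b in json.loads(template_text).get("builders", []):
        if b.get("type", "").startswith("amazon-"):
            profile = effective_profile(b, env)
            report[b.get("name", b["type"])] = (
                profile, lint_credentials(credentials_text, profile))
    return report

# Constructed sample input (not from a real account).
SAMPLE_TEMPLATE = """{"builders": [
  {"type": "amazon-ebs", "name": "pinned", "profile": "production"},
  {"type": "amazon-ebs", "name": "from_env"}]}"""
SAMPLE_CREDENTIALS = """[production]
AWS_ACCESS_KEY_ID=access_key_redacted
AWS_SECRET_ACCESS_KEY=secret_key_redacted
[master]
aws_access_key_id = placeholder
aws_secret_access_key = placeholder
"""

if __name__ == "__main__":
    print(preflight(SAMPLE_TEMPLATE, {"AWS_PROFILE": "master"}, SAMPLE_CREDENTIALS))
```

With `AWS_PROFILE=master` set, the `pinned` builder still resolves to `production` and is flagged for its uppercase keys, while `from_env` resolves to `master` and passes.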

I'm going to lock this issue because it has been closed for _30 days_ ⏳. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.
