configure-aws-credentials icon indicating copy to clipboard operation
configure-aws-credentials copied to clipboard

Published 20 hours ago verified publisher icon aws-actions

Intermittent credentials issues

Open jazanne opened this issue 2 years ago • 9 comments

My configuration:

      - uses: aws-actions/configure-aws-credentials@v1
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: us-east-1

Get this error intermittently, but frequently.

Error: Credentials could not be loaded, please check your action inputs: Could not load credentials from any providers

It tends to happen when I have a lot of runs at the same time, for example, when dependabot opens PRs. It generally will pass when I re-run the workflow manually, but it's a time suck and slows down our CI for pkg updates.

jazanne avatar Dec 22 '21 16:12 jazanne

This is a huge issue for us at the moment, it's now occurring on nearly every pipeline run if there are more than ~3-4 simultaneous actions run in parallel. We're losing up to 30minutes per run in manual retries.

27Bslash6 avatar Jan 04 '22 00:01 27Bslash6

I'm having this problem as well, but Dependabot isn't even on in the repo in question. I'm only ever running a single action at a time. And it's not intermittent, it's always happening. Every attempt over the past three days has failed with the same error, whether triggered automatically or via "Re-run all jobs". IAM doesn't show that the credentials are even being used.

This was working before. I didn't change anything about the GitHub action or the secrets, it just stopped working. The config looks identical to the one posted by jazanne. As it stands, I can no longer push my container to AWS using GH Actions. 😦

nk9 avatar Jan 16 '22 22:01 nk9

+1 this issue.

The only difference is how I instantiate the region (GitHub Secrets) but I did hard-code aws-region: us-east-1 as a troubleshooting step and was successful in replicating the same failure: "Error: Credentials could not be loaded, please check your action inputs: Could not load credentials from any providers"

I deployed the below template to 150+ private repos. So far, there's 2 repos failing: "Error: Input required and not supplied: aws-region"

...but again, when I hard-code the region it provides the same error as @jazanne

name: Backup GitHub Repository to Amazon S3 Bucket
on:
  push:
    branches: [main, master]
permissions:
  id-token: write
  contents: read
jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v2

      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v1
        with:
          role-to-assume: ${{ secrets.BACKUP_AWS_IAM_ROLE }}
          aws-region: ${{ secrets.BACKUP_AWS_REGION }}

      - name: Copy Repo to S3 Bucket
        run: |
          aws s3 sync . s3://${{ secrets.BACKUP_AWS_S3_BUCKET }}/${{ github.event.repository.name }}

newforma-bclemans avatar Jan 27 '22 18:01 newforma-bclemans

Can confirm this problem still exists today, and might be getting worse. Our config:

      - name: Configure AWS credentials (HUB)
        uses: aws-actions/configure-aws-credentials@v1
        with:
          aws-access-key-id: ${{ secrets.HUB_AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.HUB_AWS_SECRET_ACCESS_KEY }}
          aws-region: us-west-2

We get this result, pretty consistently, on first run for a given PR:

Run aws-actions/configure-aws-credentials@v1
  with:
    aws-region: us-west-2
Error: Credentials could not be loaded, please check your action inputs: Could not load credentials from any providers

Typically succeeds on a re-run.

andrewsw avatar Mar 09 '22 19:03 andrewsw

Still happening. Reliably failing when dependabot induces a build by opening a PR. Subsequent re-run of the job succeeds.

andrewsw avatar Mar 25 '22 18:03 andrewsw

yea same. pretty frustrating

jazanne avatar Mar 28 '22 14:03 jazanne

Same here

+1 to this issue

juiceppe avatar Jul 04 '22 20:07 juiceppe

+1

still having it

fiorigabriel avatar Jul 29 '22 16:07 fiorigabriel

I learned some stuff yesterday...

https://github.com/aws-actions/configure-aws-credentials/issues/188 https://github.com/aws-actions/configure-aws-credentials/issues/202 https://github.com/dependabot/dependabot-core/issues/3253

Basically, appears to be a secrets configuration problem.

andrewsw avatar Jul 29 '22 16:07 andrewsw

Unfortunately I'm not really sure what to suggest aside from seconding that it is likely a secrets configuration issue. Please refer to #271 for further comments, we're working on improving our documentation and figuring out the best strategies for authentication, so the feedback here hasn't gone unnoticed. Thanks!

peterwoodworth avatar Feb 21 '23 23:02 peterwoodworth

⚠️Comment Visibility Warning⚠️

Comments on closed issues are hard for our team to see. If you need more assistance, please either tag a team member or open a new issue that references this one. If you wish to keep having a conversation with other community members under this issue feel free to do so.

github-actions[bot] avatar Feb 21 '23 23:02 github-actions[bot]

Actually not secrets problem; it is something else:

      - name: Configure AWS Credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: arn:aws:iam::${{ inputs.aws_account_id }}:role/github-actions-role
          aws-region: ${{ inputs.aws_region }}

...and I get:

image

tirelibirefe avatar May 07 '24 22:05 tirelibirefe