aws-cli icon indicating copy to clipboard operation
aws-cli copied to clipboard
verified publisher icon aws

Linux: environment variables not interpreted by `aws configure`

Open admercs opened this issue 3 years ago • 4 comments

Describe the bug

Setting environment variables in Linux for an IAM user per the documentation and running aws configure in the same shell session results in no output.

Expected Behavior

Per the documentation, the sourced environment variables should be interpreted by aws configure in autogenerating the config and credentials files within the $HOME/.aws/ directory.

Current Behavior

Nothing.

Reproduction Steps

tee vars <<EOT
export AWS_ACCESS_KEY_ID='mykeyid'
export AWS_SECRET_ACCESS_KEY='myprivatekey'
export AWS_DEFAULT_REGION='us-west-1'
export AWS_DEFAULT_OUTPUT='json'
export AWS_DEFAULT_PROFILE='default'
EOT

source vars
aws config

Possible Solution

Workaround is to copy-paste values, but this is not a solution.

Additional Information/Context

aws --version
aws-cli/2.7.9 Python/3.9.11 Linux/5.15.0-40-generic exe/x86_64.ubuntu.22 prompt/off

CLI version used

2.7.9

Environment details (OS name and version, etc.)

Ubuntu 22.04 LTS

admercs avatar Jun 24 '22 15:06 admercs

To my knowledge, these variables are only true to your shell environment - they are temporary. aws configure will not export them to the config/credentials.
You can check your variables with aws configure list.

You can make the variables persistent across future sessions by setting them in your shell's startup script. this is a line from the doc: https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-envvars.html

YevheniiPokhvalii avatar Jun 25 '22 16:06 YevheniiPokhvalii

Thank you for your response @YevheniiPokhvalii. I see, so the environment variables are not used to generate the config/credentials. Nevertheless, setting the variables as described in the docs did not work for me; I was prompted to enter the values by hand and it failed if I entered the default values. It seems that the variables simply were not picked up by aws cli.

admercs avatar Jun 25 '22 20:06 admercs

Hi @admercs thanks for reaching out. In the documentation for aws configure it describes how:

The AWS CLI stores this information in a profile (a collection of settings) named default in the credentials file. By default, the information in this profile is used when you run an AWS CLI command that doesn't explicitly specify a profile to use.

And in this section on configuration precedence it describes how environment variables would take precedence over credentials files.

If you're running into issues using the CLI can you let us know what error you're seeing? You may need to unset environment variables containing expired credentials and then the CLI can get the default profile from your credentials file.

tim-finnigan avatar Jun 27 '22 17:06 tim-finnigan

Hi @YevheniiPokhvalii and @tim-finnigan! I believe I've located the source of the issue. It would seem that the last environment variable mentioned above (export AWS_DEFAULT_PROFILE='default') causes a conflict if the ~/.aws/config file does not exist, regardless of its value. If one defines this variable in addition to the primary environment variables, then they will receive the following error from aws commands:

The config profile (default) could not be found

where default is the value defined by AWS_DEFAULT_PROFILE. I would say that is unexpected and somewhat cryptic behaviour. Ideally, the variable would simply be ignored if the primary environment variables are defined and the config file does not exist. Otherwise, a clearer error message would be helpful. Thank you!

admercs avatar Jun 28 '22 10:06 admercs