terratest icon indicating copy to clipboard operation
terratest copied to clipboard

Published 20 hours ago verified publisher icon gruntwork-io

aws.GetAccountId Not Working for GovCloud Accounts

Open cailen opened this issue 3 years ago • 0 comments

It appears that the GetAccountId function does not work with GovCloud. Just comparing with the normal AWS CLI, it looks like it is because it is not allowing the region to be set. I'm still relatively new to Go, so please do let me know if I am just missing some setting. Thanks!

Input:

func TestMain(t *testing.T) {
	t.Parallel()
	os.Setenv("AWS_PROFILE", "govcloud")
	os.Setenv("AWS_DEFAULT_REGION", "us-gov-west-1")
	os.Setenv("AWS_REGION", "us-gov-west-1")
	fmt.Println(aws.GetAccountId(t))

Output:

--- FAIL: TestMain (1.44s)
    account.go:17: InvalidClientTokenId: The security token included in the request is invalid.
        	status code: 403, request id: b00000-3662-4102-a3ee-19fed9e731e4
FAIL

AWS Go API v2:

Input:

...
       cfg, err := config.LoadDefaultConfig(context.TODO(),
		config.WithSharedConfigProfile("govcloud"), config.WithRegion("us-gov-west-1"),
	)
	if err != nil {
		log.Fatal(err)
	}
	stsClient := sts.NewFromConfig(cfg)
	identity, err := stsClient.GetCallerIdentity(context.TODO(), &sts.GetCallerIdentityInput{})
	if err != nil {
		log.Fatal(err)
	}
	fmt.Println(*identity.Account)

Output:

1234567890  \\ (Just shows the account number. Redacted here.)

cailen avatar Oct 05 '21 14:10 cailen