SCAR throwing “Must specify userName when calling with non-User credentials” error when using AWS temporary credentials.

[jmtroywork]

Scar version = 4.3.0 Python version = 3.9.6 Boto3 version = 1.26.53 System MAC OS Ventura 13.1, CHIP = APPLE M1 PRO

The AWS account I need to implement SCAR with does NOT allow access with just an IAM user with a key and secret. Because of this I use a login method that creates temporary credentials (creates a temporary token in addition to a temporary key and secret). This adds an entry (profile) in the ~/.aws/credentials file as below

% cat credentials

[learn] aws_access_key_id = ASJUST-AN-EXAMPLEXZS aws_secret_access_key = V7L7 JUST-AN-EXAMPLENrJUST-AN-EXAMPLE@!NY aws_session_token = FwoGA_N_EXAMPLE_OF_A_VERT_LONG_SESSION_TOKENhoiYstV3VwNTAhxU= note = Credential for 'exampleaccountname examplerole'; expires at '2023-02-08 03:56:18+00:00'

When running ‘scar ls’ is run I get the error below % scar ls There was an exception in get_user_info Must specify userName when calling with non-User credentials

Here are the contents of ~/.scar/scar.log after the command is run 2023-02-07 14:32:30,055 - root - INFO - ---------------------------------------------------- 2023-02-07 14:32:30,055 - root - INFO - SCAR execution started 2023-02-07 14:32:33,052 - botocore.credentials - INFO - Found credentials in shared credentials file: ~/.aws/credentials 2023-02-07 14:32:37,112 - root - ERROR - An error occurred (ValidationError) when calling the GetUser operation: Must specify userName when calling with non-User credentials Traceback (most recent call last): File "/Users/L045503/environments/SCAR/lib/python3.9/site-packages/scar/exceptions.py", line 32, in wrapper return func(*args, **kwargs) File "/Users/L045503/environments/SCAR/lib/python3.9/site-packages/scar/providers/aws/clients/iam.py", line 47, in get_user_info raise cerr File "/Users/L045503/environments/SCAR/lib/python3.9/site-packages/scar/providers/aws/clients/iam.py", line 38, in get_user_info return self.client.get_user() File "/Users/L045503/environments/SCAR/lib/python3.9/site-packages/botocore/client.py", line 530, in _api_call return self._make_api_call(operation_name, kwargs) File "/Users/L045503/environments/SCAR/lib/python3.9/site-packages/botocore/client.py", line 960, in _make_api_call raise error_class(parsed_response, operation_name) botocore.exceptions.ClientError: An error occurred (ValidationError) when calling the GetUser operation: Must specify userName when calling with non-User credentials

I also get this error, and the same log contents when I run ‘scar init -f basic-cow.yaml’ after I have added the basic-com.yaml file from the documentation (Basic Usage — scar documentation) onto my laptop. (scar –help or scar –version DO NOT throw this error).

Additionally, I have tried the below AWS CLI commands and found that the ‘aws iam get-user' returns a similar error:

aws --profile learn iam get-user An error occurred (ValidationError) when calling the GetUser operation: Must specify userName when calling with non-User credentials

However using aws sts get-caller-identity as suggested here (https://stackoverflow.com/questions/33332050/getting-the-current-user-account-id-in-boto3/37723278#37723278) does not return an error.

% aws --profile learn sts get-caller-identity { "UserId": "AROAxxxxxxxxxxxD3USI:XXXXXXX", "Account": "XXXXXXXXXXXX", "Arn": "arn:aws:sts::7 XXXXXXXXXXXX:assumed-role/user_role_in_aws/XXXXXX" }

This seems to suggest that when using AWS temporary credentials, a different API call needs to be used to obtain the needed user information. See this post: https://github.com/sergiocorreia/quipucamayoc/issues/3

NOTE: I have also successfully tested ‘scar ls’ using the same laptop and same software implementation (scar, python, boto3) but using an IAM User with only key and secret and accessing a DIFFERENT ACCOUNT (an account that allows access with just a key and secret, but also an account I cannot use for the project I’m working on). In this case ‘scar ls’ lists my lambda functions as it should.

Any help solving this problem would be appreciated.