
Credentials provided by credential_process don't work

Open wfaulk opened this issue 5 years ago • 2 comments

Issue type

  • Bug report

cli53 version (cli53 --version)

cli53 version master (brew says 0.8.15)

OS / Platform

MacOS 10.13.6 / brew

Steps to reproduce

Create an aws config that looks like this:

[profile cp]
credential_process = /tmp/aws-creds
region = us-east-1

Create an executable script, /tmp/aws-creds, that looks like this:

cat <<EOF
{
  "Version":1,
  "AccessKeyId":"AKID1234567890",
  "SecretAccessKey":"MY-SECRET-KEY"
}
EOF

Run cli53 l --profile cp

Expected behaviour

A list of zones in the account referenced by the credentials in the script.

Actual behaviour

Hangs indefinitely

% cli53 l --profile cp -d
DEBUG: Request ec2metadata/GetMetadata Details:
---[ REQUEST POST-SIGN ]-----------------------------
GET /latest/meta-data/iam/security-credentials HTTP/1.1
Host: 169.254.169.254
User-Agent: aws-sdk-go/1.13.34 (go1.12.1; darwin; amd64)
Accept-Encoding: gzip


-----------------------------------------------------
DEBUG: Request ec2metadata/GetMetadata Details:
---[ REQUEST POST-SIGN ]-----------------------------
GET /latest/meta-data/iam/security-credentials HTTP/1.1
Host: 169.254.169.254
User-Agent: aws-sdk-go/1.13.34 (go1.12.1; darwin; amd64)
Accept-Encoding: gzip


-----------------------------------------------------
DEBUG: Request ec2metadata/GetMetadata Details:
---[ REQUEST POST-SIGN ]-----------------------------
GET /latest/meta-data/iam/security-credentials HTTP/1.1
Host: 169.254.169.254
User-Agent: aws-sdk-go/1.13.34 (go1.12.1; darwin; amd64)
Accept-Encoding: gzip


-----------------------------------------------------
DEBUG: Request ec2metadata/GetMetadata Details:
---[ REQUEST POST-SIGN ]-----------------------------
GET /latest/meta-data/iam/security-credentials HTTP/1.1
Host: 169.254.169.254
User-Agent: aws-sdk-go/1.13.34 (go1.12.1; darwin; amd64)
Accept-Encoding: gzip


-----------------------------------------------------

Have you checked if the documentation has the information you require?

yes

Could you contribute a fix or help testing with this issue?

I'm happy to help with testing.

wfaulk, May 07 '20 21:05

It's important to note that the config/script works fine with the Amazon-provided aws cli.

wfaulk, May 07 '20 21:05

I would expect that credentials provided through aws sso login would likely fall under this issue, too. I have similar failing results when attempting to use credentials provided through the AWSCLI SSO setup.

SeanSith, Jan 03 '22 18:01
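
A check for the helper side of this report, as an added example that is not part of the issue thread or of cli53's code: it validates credential_process output of the shape shown in the reproduction script (Version 1, required keys, optional SessionToken and Expiration) and maps it to the AWS_* environment variables that the AWS SDK's environment credential provider reads. The names parseHelperOutput and processCreds are hypothetical, and the sample input is constructed from the script in the report.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// processCreds mirrors the JSON a credential_process helper prints on stdout.
type processCreds struct {
	Version         int
	AccessKeyId     string
	SecretAccessKey string
	SessionToken    string     // optional
	Expiration      *time.Time // optional, RFC 3339 timestamp
}

// parseHelperOutput (hypothetical helper) validates the helper's output and
// returns the equivalent environment variable assignments.
func parseHelperOutput(out []byte, now time.Time) ([]string, error) {
	var c processCreds
	if err := json.Unmarshal(out, &c); err != nil {
		return nil, fmt.Errorf("helper output is not valid JSON: %w", err)
	}
	switch {
	case c.Version != 1:
		return nil, fmt.Errorf("unsupported Version %d, want 1", c.Version)
	case c.AccessKeyId == "" || c.SecretAccessKey == "":
		return nil, errors.New("AccessKeyId and SecretAccessKey are required")
	case c.Expiration != nil && !c.Expiration.After(now):
		return nil, errors.New("credentials already expired")
	}
	env := []string{
		"AWS_ACCESS_KEY_ID=" + c.AccessKeyId,
		"AWS_SECRET_ACCESS_KEY=" + c.SecretAccessKey,
	}
	if c.SessionToken != "" {
		env = append(env, "AWS_SESSION_TOKEN="+c.SessionToken)
	}
	return env, nil
}

func main() {
	// Constructed sample: the JSON printed by /tmp/aws-creds in the report.
	sample := []byte(`{"Version":1,"AccessKeyId":"AKID1234567890","SecretAccessKey":"MY-SECRET-KEY"}`)
	env, err := parseHelperOutput(sample, time.Now())
	fmt.Println(len(env), "variables, error:", err) // count only, no secrets printed
}
```

Passing the returned slice as the environment of a child process keeps the secret out of shell history and process arguments.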