aws-nuke icon indicating copy to clipboard operation
aws-nuke copied to clipboard

Published 20 hours ago verified publisher icon rebuy-de

failed to get caller identity

Open ukreddy-erwin opened this issue 3 years ago • 3 comments
trafficstars

I have configured my aws account in the aws cli of the machine.

Tried with below IAM account with admin rights and also with root account.

Even getting output for below command.


aws sts get-caller-identity
{
    "Account": "********",
    "UserId": "**********",
    "Arn": "arn:aws:iam::********:root"
}

But, when I ran the nuke script, getting below error.

./aws-nuke-v2.17.0-linux-amd64 -c nuke-config.yml  --profile uday-subaccount
Error: failed get caller identity: NoCredentialProviders: no valid providers in chain. Deprecated.
        For verbose messaging see aws.Config.CredentialsChainVerboseErrors

My nuke-config.yml

[vagrant@localhost ~]$ cat nuke-config.yml
regions:
- eu-west-1

account-blocklist:
- "999999999999" # production

ukreddy-erwin avatar Apr 25 '22 17:04 ukreddy-erwin

Is it possible it cannot find the actual profile you've specified? Can you post your .aws/config sanitized so we can see the layout and structure?

ekristen avatar Apr 26 '22 18:04 ekristen

After seeing #784, were you able to get past this issue @ukreddy-erwin?

der-eismann avatar Apr 27 '22 15:04 der-eismann

I was able to reproduce this. Running the CLI with --profile resulted in the error. Running the CLI without --profile, and using the interactive prompt to supply the profile/alias was successful.

Config

austinoboyle@fedora:/tmp/aws-nuke$ cat conf.yaml 
regions:
- global

account-blocklist:
- "999999999999" # production

accounts:
  "<redacted>": {}

CLI identity

austinoboyle@fedora:/tmp/aws-nuke$ aws sts get-caller-identity
{
    "UserId": "<redacted>",
    "Account": "<redacted>",
    "Arn": "arn:aws:iam::<redacted>:root"
}

Failing Command

austinoboyle@fedora:/tmp/aws-nuke$ ./aws-nuke-v2.16.0-linux-amd64 -c conf.yaml --profile my-alias
Error: failed get caller identity: NoCredentialProviders: no valid providers in chain. Deprecated.
	For verbose messaging see aws.Config.CredentialsChainVerboseErrors

Passing Command

./aws-nuke-v2.16.0-linux-amd64 -c conf.yaml
aws-nuke version v2.16.0 - Mon Sep  6 14:19:03 UTC 2021 - 

Do you really want to nuke the account with the ID <redacted> and the alias 'my-alias?
Do you want to continue? Enter account alias to continue.
> my-alias

global - IAMUser - Administrator - would remove
global - IAMUser - redacted - would remove
...
<snip>

austinoboyle avatar Jun 27 '22 22:06 austinoboyle

I've got the same thing, I don't have any other AWS accounts that I'm logged in with and I want to reset it but I have problems like it wanting the blocklist and it doesn't like the default profile.

RossComputerGuy avatar Nov 12 '22 23:11 RossComputerGuy

Is there a resolution to this. I cannot get a minimal config to work.

SizableDeMerit avatar Feb 21 '23 17:02 SizableDeMerit

@SizableDeMerit how are you trying to authenticate to AWS? Profile? Environment variables? Assume Role or straight keys?

ekristen avatar Feb 21 '23 18:02 ekristen

I'm trying to assume role using access and secret keys got the same error. Any solution to that? --access-key-id some_access_key --secret-access-key some_secret_key --assume-role-arn ... @ekristen Any suggestions?

namchan23 avatar Feb 28 '23 16:02 namchan23