Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Amplify init fails to resolve credential from profile using source_profile and credential_process

See original GitHub issue

Before opening, please confirm:

I have installed the latest version of the Amplify CLI (see above), and confirmed that the issue still persists.
I have searched for duplicate or closed issues.
I have read the guide for submitting bug reports.
I have done my best to include a minimal, self-contained set of instructions for consistently reproducing the issue.

How did you install the Amplify CLI?

npm

If applicable, what version of Node.js are you using?

v12.21.0

Amplify CLI Version

4.45.2

What operating system are you using?

Ubuntu

Amplify Categories

Not applicable

Amplify Commands

init

Describe the bug

A profile with a source_profile that itself uses credential_process fails with the message:

'Missing credentials in config, if using AWS_CONFIG_FILE, set AWS_SDK_LOAD_CONFIG=1'

Expected behavior

Amplify should be able to authenticate with any method supported by the awscli, including assuming a role.

Reproduction steps

Configure profiles like so:

[profile another-profile]
region = us-east-1
credential_process = aws-okta-processor authenticate --organization xxxxxx --application xxxxxx --duration 43200 --role arn:aws:iam::xxxxxx:role/xxxxxx

[profile dev]
region = us-east-1
role_arn = arn:aws:iam::xxxxxx:role/xxxxxx
role_session_name = email@someplace.dev
source_profile = another-profile

Run amplify init

$ amplify init
Note: It is recommended to run this command from the root of your app directory
? Enter a name for the project amplifydemo
? Enter a name for the environment dev
? Choose your default editor: Visual Studio Code
? Choose the type of app that you're building javascript
Please tell us about your project
? What javascript framework are you using react
? Source Directory Path:  src
? Distribution Directory Path: build
? Build Command:  npm run-script build
? Start Command: npm run-script start
Using default provider  awscloudformation
? Select the authentication method you want to use: AWS profile

For more information on AWS Profiles, see:
https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-profiles.html

? Please choose the profile you want to use dev
Error: connect ECONNREFUSED 169.254.169.254:80
    at TCPConnectWrap.afterConnect [as oncomplete] (net.js:1144:16) {
  message: 'Missing credentials in config, if using AWS_CONFIG_FILE, set AWS_SDK_LOAD_CONFIG=1',
  errno: 'ECONNREFUSED',
  code: 'CredentialsError',
  syscall: 'connect',
  address: '169.254.169.254',
  port: 80,
  time: 2021-03-15T21:05:16.123Z,
  originalError: {
    message: 'Could not load credentials from any providers',
    errno: 'ECONNREFUSED',
    code: 'CredentialsError',
    syscall: 'connect',
    address: '169.254.169.254',
    port: 80,
    time: 2021-03-15T21:05:16.123Z,
    originalError: {
      message: 'EC2 Metadata roleName request returned error',
      errno: 'ECONNREFUSED',
      code: 'ECONNREFUSED',
      syscall: 'connect',
      address: '169.254.169.254',
      port: 80,
      time: 2021-03-15T21:05:16.123Z,
      originalError: [Object]
    }
  }
}

Log output

# Put your logs below this line
2021-03-15T21:15:22.347Z|info : amplify init core
2021-03-15T21:16:19.882Z|info : amplify-provider-awscloudformation.system-config-manager.makeFileOwnerReadWrite(["/home/loren/.aws/config"])
2021-03-15T21:16:19.893Z|info : amplify-provider-awscloudformation.system-config-manager.makeFileOwnerReadWrite(["/home/loren/.aws/config"])
2021-03-15T21:16:19.902Z|info : amplify-provider-awscloudformation.system-config-manager.makeFileOwnerReadWrite(["/home/loren/.aws/config"])
2021-03-15T21:16:25.214Z|info : amplify-provider-awscloudformation.system-config-manager.getProfileConfig(["dev"])
2021-03-15T21:16:25.214Z|info : amplify-provider-awscloudformation.system-config-manager.makeFileOwnerReadWrite(["/home/loren/.aws/config"])
2021-03-15T21:16:25.219Z|info : amplify-provider-awscloudformation.system-config-manager.getProfiledAwsConfig.profileConfig([{"region":"us-east-1","role_arn":"[***]1129617:role/[***]3-[***]in","role_session_name":"[***]lus3it.com","source_profile":"another-profile"}])
2021-03-15T21:16:25.220Z|info : amplify-provider-awscloudformation.system-config-manager.getCacheFilePath(["/home/loren/.amplify/awscloudformation"])
2021-03-15T21:16:25.226Z|info : amplify-provider-awscloudformation.system-config-manager.getProfileConfig(["another-profile"])
2021-03-15T21:16:25.227Z|info : amplify-provider-awscloudformation.system-config-manager.makeFileOwnerReadWrite(["/home/loren/.aws/config"])
2021-03-15T21:16:25.229Z|info : amplify-provider-awscloudformation.system-config-manager.getProfiledAwsConfig.profileConfig([{"region":"us-east-1","credential_process":"[***]"}])
2021-03-15T21:16:25.229Z|info : amplify-provider-awscloudformation.system-config-manager.getProfileCredentials(["another-profile"])
2021-03-15T21:16:25.230Z|info : amplify-provider-awscloudformation.system-config-manager.makeFileOwnerReadWrite(["/home/loren/.aws/credentials"])
2021-03-15T21:16:25.232Z|info : amplify-provider-awscloudformation.system-config-manager.getRoleCredentials.aws.STS([{"region":"us-east-1","credential_process":"[***]"}])
2021-03-15T21:16:25.241Z|info : amplify-provider-awscloudformation.system-config-manager.getRoleCredentials.sts.assumeRole([{"RoleArn":"[***]1129617:role/[***]3-[***]in","RoleSessionName":"[***]lus3it.com"}])
2021-03-15T21:16:25.277Z|error : amplify-provider-awscloudformation.system-config-manager.getRoleCredentials.sts.assumeRole([{"RoleArn":"[***]1129617:role/[***]3-[***]in","RoleSessionName":"[***]lus3it.com"}])
CredentialsError: Missing credentials in config, if using AWS_CONFIG_FILE, set AWS_SDK_LOAD_CONFIG=1
2021-03-15T21:16:25.277Z|info : amplify-provider-awscloudformation.system-config-manager.getCacheFilePath(["/home/loren/.amplify/awscloudformation"])
2021-03-15T21:16:25.286Z|info : amplify-provider-awscloudformation.amplify-service-permission-check.checkAmplifyServiceIAMPermission.amplifyClient.listApps([])
2021-03-15T21:16:25.303Z|error : amplify-provider-awscloudformation.amplify-service-permission-check.checkAmplifyServiceIAMPermission.amplifyClient.listApps([])
CredentialsError: Missing credentials in config, if using AWS_CONFIG_FILE, set AWS_SDK_LOAD_CONFIG=1
2021-03-15T21:16:25.304Z|info : amplify-provider-awscloudformation.amplify-service-manager.init.amplifyClient.createApp([{"name":"[***]ydemo","environmentVariables":{"_LIVE_PACKAGE_UPDATES":"[{\"pkg\":\"@aws-amplify/cli\",\"type\":\"npm\",\"version\":\"latest\"}]"}}])
2021-03-15T21:16:25.322Z|error : amplify-provider-awscloudformation.amplify-service-manager.init.amplifyClient.createApp([{"name":"[***]ydemo","environmentVariables":{"_LIVE_PACKAGE_UPDATES":"[{\"pkg\":\"@aws-amplify/cli\",\"type\":\"npm\",\"version\":\"latest\"}]"}}])
CredentialsError: Missing credentials in config, if using AWS_CONFIG_FILE, set AWS_SDK_LOAD_CONFIG=1

Issue Analytics

State:
Created 3 years ago
Reactions:4
Comments:14 (5 by maintainers)

Top GitHub Comments

4reactions

tjmcewancommented, Oct 24, 2021

A ~/.aws/credentials file also needs to exist!! 😓 Can be empty.

Thanks to this comment.

2reactions

yunspacecommented, Oct 17, 2021

Ok I think I figured out the issue. When you run amplify init you must set AWS_Profile environment variable and select the profile as part of the init process. So in the above scenario it needs to be: