Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

toolkit: profiles and assumerole credentials issues

See original GitHub issue

Reported by @ChintanRaval on Gitter:

The following setup fails to default to the right region:

~/.aws/credentials

[my-auth-account]
aws_access_key_id = xxxx
aws_secret_access_key = xxxx

~/.aws/config

[default]
output = json
region = us-east-1

[profile my-auth-account]
source_profile = default

[profile my-dev-account]
source_profile = my-auth-account
role_arn = arn:aws:iam::123456789012:role/MyDesiredRole
mfa_serial = arn:aws:iam::112233445566:mfa/myusername

Issue Analytics

State:
Created 5 years ago
Comments:9 (9 by maintainers)

Top GitHub Comments

1reaction

rix0rrrcommented, Nov 27, 2018

Okay so we’re NOT inconsistent with the CLI, it’s just that the CLI S3 API does not require a region and therefore does not complain.

Then I don’t see any further work here. I’m going to close this out if that’s okay with you. Feel free to reopen if you encounter further issues.

1reaction

rix0rrrcommented, Nov 26, 2018

Scenario tested:

~/.aws/config

[default]
output = json
region = eu-west-1

[profile Assumert]
region = us-east-1
# source_profile = default does not work either

[profile Assumable]
role_arn = arn:aws:iam::112233445566:role/Assumable
source_profile = Assumert

~/.aws/credentials

[Assumert]
aws_access_key_id = XXXXXXXXX
aws_secret_access_key = XXXXXXXXXXXXX

Following result:

$  aws --profile Assumable ec2 describe-availability-zones
You must specify a region. You can also configure your region by running "aws configure".

Top Results From Across the Web

Troubleshoot IAM assume role errors "AccessDenied" or ...

To assume the IAM role in another AWS account, first edit the permissions in one account (the account that assumed the IAM role)....

What is the correct way to set up AWS credentials to work with ...

AWS Toolkit in VSCode works perfectly and I can access AWS resources via VSCode. However I need to assume roles cross-accounts (with a...

Never put AWS temporary credentials in the ... - Ben Kehoe

Here's a well-trafficked GitHub issue on the CLI stating credentials ... Do we need to call aws sts assume-role --profile benk --role-arn ...

Assuming a Role from the Instance Profile (AWS PowerShell)

You need to assume a role. The AWS PowerShell tools have the ability to create a credential profile that assumes a role. It...

Resolve "Unable to locate credentials" error in Amazon S3

An "Unable to locate credentials" error indicates that Amazon S3 can't find the credentials to authenticate AWS API calls. To resolve this issue, ......