amplify-cli: Amplify init fails to resolve credential from profile using source_profile and credential_process
Before opening, please confirm:
- I have installed the latest version of the Amplify CLI (see above), and confirmed that the issue still persists.
- I have searched for duplicate or closed issues.
- I have read the guide for submitting bug reports.
- I have done my best to include a minimal, self-contained set of instructions for consistently reproducing the issue.
How did you install the Amplify CLI?
npm
If applicable, what version of Node.js are you using?
v12.21.0
Amplify CLI Version
4.45.2
What operating system are you using?
Ubuntu
Amplify Categories
Not applicable
Amplify Commands
init
Describe the bug
A profile with a source_profile that itself uses credential_process fails with the message:
'Missing credentials in config, if using AWS_CONFIG_FILE, set AWS_SDK_LOAD_CONFIG=1'
Expected behavior
Amplify should be able to authenticate with any method supported by the awscli, including assuming a role.
Reproduction steps
- Configure profiles like so:
[profile another-profile]
region = us-east-1
credential_process = aws-okta-processor authenticate --organization xxxxxx --application xxxxxx --duration 43200 --role arn:aws:iam::xxxxxx:role/xxxxxx
[profile dev]
region = us-east-1
role_arn = arn:aws:iam::xxxxxx:role/xxxxxx
role_session_name = email@someplace.dev
source_profile = another-profile
- Run
amplify init
$ amplify init
Note: It is recommended to run this command from the root of your app directory
? Enter a name for the project amplifydemo
? Enter a name for the environment dev
? Choose your default editor: Visual Studio Code
? Choose the type of app that you're building javascript
Please tell us about your project
? What javascript framework are you using react
? Source Directory Path: src
? Distribution Directory Path: build
? Build Command: npm run-script build
? Start Command: npm run-script start
Using default provider awscloudformation
? Select the authentication method you want to use: AWS profile
For more information on AWS Profiles, see:
https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-profiles.html
? Please choose the profile you want to use dev
Error: connect ECONNREFUSED 169.254.169.254:80
at TCPConnectWrap.afterConnect [as oncomplete] (net.js:1144:16) {
message: 'Missing credentials in config, if using AWS_CONFIG_FILE, set AWS_SDK_LOAD_CONFIG=1',
errno: 'ECONNREFUSED',
code: 'CredentialsError',
syscall: 'connect',
address: '169.254.169.254',
port: 80,
time: 2021-03-15T21:05:16.123Z,
originalError: {
message: 'Could not load credentials from any providers',
errno: 'ECONNREFUSED',
code: 'CredentialsError',
syscall: 'connect',
address: '169.254.169.254',
port: 80,
time: 2021-03-15T21:05:16.123Z,
originalError: {
message: 'EC2 Metadata roleName request returned error',
errno: 'ECONNREFUSED',
code: 'ECONNREFUSED',
syscall: 'connect',
address: '169.254.169.254',
port: 80,
time: 2021-03-15T21:05:16.123Z,
originalError: [Object]
}
}
}
Log output
# Put your logs below this line
2021-03-15T21:15:22.347Z|info : amplify init core
2021-03-15T21:16:19.882Z|info : amplify-provider-awscloudformation.system-config-manager.makeFileOwnerReadWrite(["/home/loren/.aws/config"])
2021-03-15T21:16:19.893Z|info : amplify-provider-awscloudformation.system-config-manager.makeFileOwnerReadWrite(["/home/loren/.aws/config"])
2021-03-15T21:16:19.902Z|info : amplify-provider-awscloudformation.system-config-manager.makeFileOwnerReadWrite(["/home/loren/.aws/config"])
2021-03-15T21:16:25.214Z|info : amplify-provider-awscloudformation.system-config-manager.getProfileConfig(["dev"])
2021-03-15T21:16:25.214Z|info : amplify-provider-awscloudformation.system-config-manager.makeFileOwnerReadWrite(["/home/loren/.aws/config"])
2021-03-15T21:16:25.219Z|info : amplify-provider-awscloudformation.system-config-manager.getProfiledAwsConfig.profileConfig([{"region":"us-east-1","role_arn":"[***]1129617:role/[***]3-[***]in","role_session_name":"[***]lus3it.com","source_profile":"another-profile"}])
2021-03-15T21:16:25.220Z|info : amplify-provider-awscloudformation.system-config-manager.getCacheFilePath(["/home/loren/.amplify/awscloudformation"])
2021-03-15T21:16:25.226Z|info : amplify-provider-awscloudformation.system-config-manager.getProfileConfig(["another-profile"])
2021-03-15T21:16:25.227Z|info : amplify-provider-awscloudformation.system-config-manager.makeFileOwnerReadWrite(["/home/loren/.aws/config"])
2021-03-15T21:16:25.229Z|info : amplify-provider-awscloudformation.system-config-manager.getProfiledAwsConfig.profileConfig([{"region":"us-east-1","credential_process":"[***]"}])
2021-03-15T21:16:25.229Z|info : amplify-provider-awscloudformation.system-config-manager.getProfileCredentials(["another-profile"])
2021-03-15T21:16:25.230Z|info : amplify-provider-awscloudformation.system-config-manager.makeFileOwnerReadWrite(["/home/loren/.aws/credentials"])
2021-03-15T21:16:25.232Z|info : amplify-provider-awscloudformation.system-config-manager.getRoleCredentials.aws.STS([{"region":"us-east-1","credential_process":"[***]"}])
2021-03-15T21:16:25.241Z|info : amplify-provider-awscloudformation.system-config-manager.getRoleCredentials.sts.assumeRole([{"RoleArn":"[***]1129617:role/[***]3-[***]in","RoleSessionName":"[***]lus3it.com"}])
2021-03-15T21:16:25.277Z|error : amplify-provider-awscloudformation.system-config-manager.getRoleCredentials.sts.assumeRole([{"RoleArn":"[***]1129617:role/[***]3-[***]in","RoleSessionName":"[***]lus3it.com"}])
CredentialsError: Missing credentials in config, if using AWS_CONFIG_FILE, set AWS_SDK_LOAD_CONFIG=1
2021-03-15T21:16:25.277Z|info : amplify-provider-awscloudformation.system-config-manager.getCacheFilePath(["/home/loren/.amplify/awscloudformation"])
2021-03-15T21:16:25.286Z|info : amplify-provider-awscloudformation.amplify-service-permission-check.checkAmplifyServiceIAMPermission.amplifyClient.listApps([])
2021-03-15T21:16:25.303Z|error : amplify-provider-awscloudformation.amplify-service-permission-check.checkAmplifyServiceIAMPermission.amplifyClient.listApps([])
CredentialsError: Missing credentials in config, if using AWS_CONFIG_FILE, set AWS_SDK_LOAD_CONFIG=1
2021-03-15T21:16:25.304Z|info : amplify-provider-awscloudformation.amplify-service-manager.init.amplifyClient.createApp([{"name":"[***]ydemo","environmentVariables":{"_LIVE_PACKAGE_UPDATES":"[{\"pkg\":\"@aws-amplify/cli\",\"type\":\"npm\",\"version\":\"latest\"}]"}}])
2021-03-15T21:16:25.322Z|error : amplify-provider-awscloudformation.amplify-service-manager.init.amplifyClient.createApp([{"name":"[***]ydemo","environmentVariables":{"_LIVE_PACKAGE_UPDATES":"[{\"pkg\":\"@aws-amplify/cli\",\"type\":\"npm\",\"version\":\"latest\"}]"}}])
CredentialsError: Missing credentials in config, if using AWS_CONFIG_FILE, set AWS_SDK_LOAD_CONFIG=1
About this issue
- Original URL
- State: closed
- Created 3 years ago
- Reactions: 4
- Comments: 15 (5 by maintainers)
A
~/.aws/credentialsfile also needs to exist!! 😓 Can be empty.Thanks to this comment.
Ok I think I figured out the issue. When you run
amplify inityou must setAWS_Profileenvironment variable and select the profile as part of the init process. So in the above scenario it needs to be:I downgraded to version 4.46.0 and was able to use profiles with credential_process.
@lorengordon We don’t support AWS orgs yet and marking this as a feature request.
@kaustavghosh06 Here is a contrived example you can use to test with a permanent access/secret key, just insert actual values for the
AccessKeyIdandSecretAccessKey: