aws-toolkit-vscode: "Connect to AWS" error: unable to get local issuer certificate

Describe the bug

Error suggesting invalid profile on machine with existing credentials file in use with aws cli

To Reproduce

After installing and ctrl+shift+p -> connect to AWS on a machine that already has a credentials file in the home directory, the user is given a list of profiles in the credentials file. Selecting either of my profiles returns an error “Credentials profile is invalid”

Expected behavior

AWS connects to that profile.

Screenshots

1-17-2020 4-41-07 PM

1-17-2020 4-42-41 PM

Desktop (please complete the following information):

OS: Windows 10
Visual Studio Code Version: Version: 1.41.1 (user setup) Commit: 26076a4de974ead31f97692a0d32f90d735645c0 Date: 2019-12-18T14:58:56.166Z Electron: 6.1.5 Chrome: 76.0.3809.146 Node.js: 12.4.0 V8: 7.6.303.31-electron.0 OS: Windows_NT x64 10.0.17763
AWS Toolkit for Visual Studio Code Version: 1.5.0

Additional context

F:\>sam --version
SAM CLI, version 0.13.0

F:\>aws --version
aws-cli/1.17.4 Python/3.6.0 Windows/10 botocore/1.14.4

F:\>aws s3 ls
2019-12-03 14:38:40 andrew-test-s3-bucket

F:\>aws s3 ls --profile dev
2020-01-08 08:13:27 admstest

I read through https://github.com/aws/aws-toolkit-vscode/issues/705 which shows the same symptoms but following the recommended steps of reinstalling the latest VSCode, restarting it and having lower case credential key names didn’t work for me.

Here is the content of my credential file with altered keys:

[default]
aws_access_key_id = BKDLSKEJFLKASKJFKELS
aws_secret_access_key = adklsfjASDfksa2+akdzADSFwekfasdfjslkedsf
[sand]
aws_access_key_id = BKDLSKEJFLKASKJFKELS
aws_secret_access_key = adklsfjASDfksa2+akdzADSFwekfasdfjslkedsf
[dev]
aws_access_key_id = SKDASDLFKJSKSKJFKELT
aws_secret_access_key = fasdfjslkedadklsfjASDfksa2+akdzADSFweksf

Please let me know if you have any suggestions.

Thank you!

About this issue

Original URL
State: open
Created 4 years ago
Reactions: 1
Comments: 19 (9 by maintainers)

Most upvoted comments

did you find any way to have aws-toolkit-vscode accept and use a custom CA ? 2022-01-11 15:33:41 [ERROR]: Error getting AccountId: [Error: unable to get local issuer certificate

@alxrdn That means vscode/nodejs/electron can’t find the configured certificates on the system. On Windows, this vscode extension may help (not associated with AWS): https://marketplace.visualstudio.com/items?itemName=ukoloff.win-ca

justinmk3 on Jun 22, 2023

@irishgordo

For what it’s worth, I’ve just had the same error as the OP

$ code --version
1.51.1
e5a624b788d92b8d34d1392e4c4d9789406efe8f
x64
$ aws --version
aws-cli/1.18.180 Python/3.6.9 Linux/5.4.0-53-generic botocore/1.19.20

AWS Toolkit 1.15.0

What solved the problem for me was to change the profile entries in ~/.aws/config from [profileX] to [profile profileX]

eugenevd on Jun 22, 2023

Error: unable to get local issuer certificate

From https://github.com/nodejs/node/issues/3742#issuecomment-155546646 ,

The error itself just means that a TLS certificate in the chain is signed by an unknown CA, presumably the cert your proxy uses.

@MatthiasPdx are you on a corporate managed computer or network?

Do you know if it’s configured to use a proxy?
Or a custom CA or root certificate?
Are you setting HTTP_PROXY or HTTPS_PROXY environment variables?

VScode exposes some related settings:

http.proxy
http.proxyAuthorization
http.proxyStrictSSL: you can set this to false (security risk), and see if that fixes the issue. But a better solution is to fix your certificate chain.
http.proxySupport
http.systemCertificates

What are the values of those settings in your vscode?

Tracking issue: https://github.com/aws/aws-toolkit-vscode/issues/185

justinmk3 on Feb 21, 2020