rclone: `--s3-profile` option does not work with `role_arn` when AWS_PROFILE does

The associated forum post URL from https://forum.rclone.org

https://forum.rclone.org/t/unable-to-connect-to-s3-using-s3-profile-with-role-arn/25347

What is the problem you are having with rclone?

I believe this is a bug introduced with v1.55.x. We are currently using rclone v1.53.3 and trying to upgrade to latest version v1.55.1. During smoke test, we noticed that below feature has stopped working in v1.55.1.

~/.aws/credentials:

[test-profile-1]
role_arn = arn:aws:iam::00000000000:role/test-role
source_profile = default

[test-profile-2]
aws_access_key_id = XXXXXXXXXXXX
aws_secret_access_key = YYYYYYYYY

~/.rclone.conf:

[s3]
type = s3
provider = AWS
env_auth = true
region = us-east-1
acl = private

Here test-profile-1 is based on role_arn, whereas test-profile-2 is based on access_key_id and secret_access_key. When trying to connect using these profiles, below are the status.

aws s3 ls s3://test-logs/2021-07-13/ --profile test-profile-1 (Works !)
rclone ls s3://test-logs/2021-07-13/ --s3-profile test-profile-1 (Fails !!!)

aws s3 ls s3://test-logs/2021-07-13/ --profile test-profile-2 (Works !)
rclone ls s3://test-logs/2021-07-13/ --s3-profile test-profile-2 (Works !)

What is your rclone version (output from rclone version)

rclone v1.55.1

os/type: linux
os/arch: amd64
go/version: go1.16.3
go/linking: static
go/tags: none

Which OS you are using and how many bits (e.g. Windows 7, 64 bit)

Amazon Linux 2

Which cloud storage system are you using? (e.g. Google Drive)

S3

The command you were trying to run (e.g. rclone copy /tmp remote:tmp)

rclone ls s3://test-logs/2021-07-13/ --s3-profile test-profile-1

A log from the command with the -vv flag (e.g. output from rclone -vv copy /tmp remote:tmp)

2021/07/14 14:13:23 DEBUG : Using config file from "/home/ec2-user/.config/rclone/rclone.conf"
2021/07/14 14:13:23 DEBUG : rclone: Version "v1.55.1" starting with parameters ["rclone" "ls" "s3://test-logs/2021-07-13/" "--s3-profile" "testlogs" "-vv"]
2021/07/14 14:13:23 DEBUG : Creating backend with remote "s3://test-logs/2021-07-13/"
2021/07/14 14:13:23 DEBUG : s3: detected overridden config - adding "{jb+DA}" suffix to name
2021/07/14 14:13:24 DEBUG : fs cache: renaming cache item "s3://test-logs/2021-07-13/" to be canonical "s3{jb+DA}:test-logs/2021-07-13"
2021/07/14 14:13:24 DEBUG : 4 go routines active
2021/07/14 14:13:24 Failed to ls: AccessDenied: Access Denied
        status code: 403, request id: 8TVCK7CVEXPF781T, host id: wEo+4KMswde6lETjLs6QnEbRpRF/+8dyhsRxBnTo3nNXgYRrJ91BDkrmuBOuid8vy0sv5UYjY5s=

How to use GitHub

• Please use the 👍 reaction to show that you are affected by the same issue.
• Please don’t comment if you have no relevant information to add. It’s just extra noise for everyone subscribed to this issue.
• Subscribe to receive notifications on status change and new comments.