Environment variables don't take precedence over profile with no ~/.aws/credentials file #8270
Comments
Hi @kswanny thanks for reaching out. The configuration and credentials precedence documentation lists:
When you pass the If you set the I hope that helps. I don't think the current documentation is inaccurate, but maybe the wording could be improved. Please let us know if you have any specific suggestions related to that.
@tim-finnigan thanks for the response. I guess for me it wasn't clear the precedence of variables is not followed when using the profile option. Feel free to close.
Describe the bug
I'll preface this by saying, perhaps this is a doco update only, but this doesn't seem to function the way the doco says it should.
If I set up CLI for a profile like so (no credentials)
Meanwhile (environment vars are set)
(I have changed the end of my key in here to redact it more)
Should this not default to environment variables for all profiles if credentials aren't set? As per https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-files.html
"You can override an individual setting by either setting one of the supported environment variables, or by using a command line parameter. For more information on configuration setting precedence, see Configure the AWS CLI."
Running subsequent commands as user1 profile yields "Unable to locate credentials". I have also tried setting session environment variables and it functions the same.
Expected Behavior
It should use system environment variables when they are set instead of blank profile credentials.
Current Behavior
It does not use environment variables, it returns "Unable to locate credentials" on all aws operations
Reproduction Steps
aws configure set region "us-east-1" --profile user1 && aws configure set output "json" --profile user1
Have system environment variables set for AWS_SECRET_ACCESS_KEY and AWS_ACCESS_KEY_ID
Try a command aws s3
aws s3 ls --profile user1
Error logs
Unable to locate credentials. You can configure credentials by running "aws configure"
2023-10-26 14:54:54,477 - MainThread - awscli.clidriver - DEBUG - CLI version: aws-cli/2.13.29 Python/3.11.6 Windows/10 exe/AMD64
2023-10-26 14:54:54,477 - MainThread - awscli.clidriver - DEBUG - Arguments entered to CLI: ['s3', 'ls', '--profile', 'user1', '--debug']
2023-10-26 14:54:54,514 - MainThread - botocore.hooks - DEBUG - Event building-command-table.main: calling handler <function add_s3 at 0x000001C7CAF82CA0>
2023-10-26 14:54:54,514 - MainThread - botocore.hooks - DEBUG - Event building-command-table.main: calling handler <function add_ddb at 0x000001C7CADCC5E0>
2023-10-26 14:54:54,514 - MainThread - botocore.hooks - DEBUG - Event building-command-table.main: calling handler <bound method BasicCommand.add_command of <class 'awscli.customizations.configure.configure.ConfigureCommand'>>
2023-10-26 14:54:54,514 - MainThread - botocore.hooks - DEBUG - Event building-command-table.main: calling handler <function change_name at 0x000001C7CAD30A40>
2023-10-26 14:54:54,514 - MainThread - botocore.hooks - DEBUG - Event building-command-table.main: calling handler <function change_name at 0x000001C7CAD33EC0>
2023-10-26 14:54:54,514 - MainThread - botocore.hooks - DEBUG - Event building-command-table.main: calling handler <function alias_opsworks_cm at 0x000001C7CAF99760>
2023-10-26 14:54:54,515 - MainThread - botocore.hooks - DEBUG - Event building-command-table.main: calling handler <function add_history_commands at 0x000001C7CAE0EFC0>
2023-10-26 14:54:54,515 - MainThread - botocore.hooks - DEBUG - Event building-command-table.main: calling handler <bound method BasicCommand.add_command of <class 'awscli.customizations.devcommands.CLIDevCommand'>>
2023-10-26 14:54:54,516 - MainThread - botocore.hooks - DEBUG - Event building-command-table.main: calling handler <function add_waiters at 0x000001C7CAF99620>
2023-10-26 14:54:54,516 - MainThread - botocore.hooks - DEBUG - Event building-command-table.main: calling handler <bound method AliasSubCommandInjector.on_building_command_table of <awscli.alias.AliasSubCommandInjector object at 0x000001C7CB03DDD0>>
2023-10-26 14:54:54,517 - MainThread - botocore.loaders - DEBUG - Loading JSON file: C:\Program Files\Amazon\AWSCLIV2\awscli\data\cli.json
2023-10-26 14:54:54,519 - MainThread - botocore.hooks - DEBUG - Event top-level-args-parsed: calling handler <function resolve_types at 0x000001C7CAED09A0>
2023-10-26 14:54:54,519 - MainThread - botocore.hooks - DEBUG - Event top-level-args-parsed: calling handler <function no_sign_request at 0x000001C7CAED0CC0>
2023-10-26 14:54:54,519 - MainThread - botocore.hooks - DEBUG - Event top-level-args-parsed: calling handler <function resolve_verify_ssl at 0x000001C7CAED0C20>
2023-10-26 14:54:54,520 - MainThread - botocore.hooks - DEBUG - Event top-level-args-parsed: calling handler <function resolve_cli_read_timeout at 0x000001C7CAED0E00>
2023-10-26 14:54:54,521 - MainThread - botocore.hooks - DEBUG - Event top-level-args-parsed: calling handler <function resolve_cli_connect_timeout at 0x000001C7CAED0D60>
2023-10-26 14:54:54,521 - MainThread - botocore.hooks - DEBUG - Event top-level-args-parsed: calling handler <built-in method update of dict object at 0x000001C7CB037500>
2023-10-26 14:54:54,522 - MainThread - botocore.session - DEBUG - Setting config variable for profile to 'user1'
2023-10-26 14:54:54,522 - MainThread - awscli.clidriver - DEBUG - CLI version: aws-cli/2.13.29 Python/3.11.6 Windows/10 exe/AMD64 prompt/off
2023-10-26 14:54:54,523 - MainThread - awscli.clidriver - DEBUG - Arguments entered to CLI: ['s3', 'ls', '--profile', 'user1', '--debug']
2023-10-26 14:54:54,523 - MainThread - botocore.hooks - DEBUG - Event session-initialized: calling handler <function add_timestamp_parser at 0x000001C7CAF83600>
2023-10-26 14:54:54,524 - MainThread - botocore.hooks - DEBUG - Event session-initialized: calling handler <function register_uri_param_handler at 0x000001C7CAB8D760>
2023-10-26 14:54:54,524 - MainThread - botocore.hooks - DEBUG - Event session-initialized: calling handler <function add_binary_formatter at 0x000001C7CB00AC00>
2023-10-26 14:54:54,525 - MainThread - botocore.hooks - DEBUG - Event session-initialized: calling handler <function no_pager_handler at 0x000001C7CAA3D800>
2023-10-26 14:54:54,525 - MainThread - botocore.hooks - DEBUG - Event session-initialized: calling handler <function inject_assume_role_provider_cache at 0x000001C7CABA5080>
2023-10-26 14:54:54,527 - MainThread - botocore.utils - DEBUG - IMDS ENDPOINT: http://169.254.169.254/
2023-10-26 14:54:54,528 - MainThread - botocore.credentials - DEBUG - Skipping environment variable credential check because profile name was explicitly set.
2023-10-26 14:54:54,528 - MainThread - botocore.hooks - DEBUG - Event session-initialized: calling handler <function attach_history_handler at 0x000001C7CADF7880>
2023-10-26 14:54:54,528 - MainThread - botocore.hooks - DEBUG - Event session-initialized: calling handler <function inject_json_file_cache at 0x000001C7CADC0860>
2023-10-26 14:54:54,529 - MainThread - botocore.hooks - DEBUG - Event building-command-table.s3: calling handler <function add_waiters at 0x000001C7CAF99620>
2023-10-26 14:54:54,529 - MainThread - botocore.hooks - DEBUG - Event building-command-table.s3: calling handler <bound method AliasSubCommandInjector.on_building_command_table of <awscli.alias.AliasSubCommandInjector object at 0x000001C7CB03DDD0>>
2023-10-26 14:54:54,530 - MainThread - botocore.hooks - DEBUG - Event building-command-table.s3_ls: calling handler <function add_waiters at 0x000001C7CAF99620>
2023-10-26 14:54:54,530 - MainThread - botocore.hooks - DEBUG - Event building-command-table.s3_ls: calling handler <bound method AliasSubCommandInjector.on_building_command_table of <awscli.alias.AliasSubCommandInjector object at 0x000001C7CB03DDD0>>
2023-10-26 14:54:54,534 - MainThread - botocore.hooks - DEBUG - Event load-cli-arg.custom.ls.paths: calling handler <awscli.paramfile.URIArgumentHandler object at 0x000001C7CB077290>
2023-10-26 14:54:54,534 - MainThread - botocore.hooks - DEBUG - Event load-cli-arg.custom.ls.anonymous: calling handler <awscli.paramfile.URIArgumentHandler object at 0x000001C7CB077290>
2023-10-26 14:54:54,534 - MainThread - botocore.hooks - DEBUG - Event load-cli-arg.custom.ls.page-size: calling handler <awscli.paramfile.URIArgumentHandler object at 0x000001C7CB077290>
2023-10-26 14:54:54,538 - MainThread - botocore.hooks - DEBUG - Event load-cli-arg.custom.ls.human-readable: calling handler <awscli.paramfile.URIArgumentHandler object at 0x000001C7CB077290>
2023-10-26 14:54:54,539 - MainThread - botocore.hooks - DEBUG - Event process-cli-arg.custom.ls: calling handler <awscli.argprocess.ParamShorthandParser object at 0x000001C7CAA76E10>
2023-10-26 14:54:54,539 - MainThread - botocore.hooks - DEBUG - Event load-cli-arg.custom.ls.summarize: calling handler <awscli.paramfile.URIArgumentHandler object at 0x000001C7CB077290>
2023-10-26 14:54:54,540 - MainThread - botocore.hooks - DEBUG - Event process-cli-arg.custom.ls: calling handler <awscli.argprocess.ParamShorthandParser object at 0x000001C7CAA76E10>
2023-10-26 14:54:54,540 - MainThread - botocore.hooks - DEBUG - Event load-cli-arg.custom.ls.request-payer: calling handler <awscli.paramfile.URIArgumentHandler object at 0x000001C7CB077290>
2023-10-26 14:54:54,541 - MainThread - botocore.credentials - DEBUG - Looking for credentials via: assume-role
2023-10-26 14:54:54,541 - MainThread - botocore.credentials - DEBUG - Looking for credentials via: assume-role-with-web-identity
2023-10-26 14:54:54,541 - MainThread - botocore.credentials - DEBUG - Looking for credentials via: sso
2023-10-26 14:54:54,542 - MainThread - botocore.credentials - DEBUG - Looking for credentials via: shared-credentials-file
2023-10-26 14:54:54,543 - MainThread - botocore.credentials - DEBUG - Looking for credentials via: custom-process
2023-10-26 14:54:54,543 - MainThread - botocore.credentials - DEBUG - Looking for credentials via: config-file
2023-10-26 14:54:54,544 - MainThread - botocore.credentials - DEBUG - Looking for credentials via: ec2-credentials-file
2023-10-26 14:54:54,544 - MainThread - botocore.credentials - DEBUG - Looking for credentials via: boto-config
2023-10-26 14:54:54,544 - MainThread - botocore.credentials - DEBUG - Looking for credentials via: container-role
2023-10-26 14:54:54,545 - MainThread - botocore.credentials - DEBUG - Looking for credentials via: iam-role
2023-10-26 14:54:54,545 - MainThread - urllib3.connectionpool - DEBUG - Starting new HTTP connection (1): 169.254.169.254:80
2023-10-26 14:54:55,554 - MainThread - botocore.utils - DEBUG - Caught retryable HTTP exception while making metadata service request to http://169.254.169.254/latest/api/token: Connect timeout on endpoint URL: "http://169.254.169.254/latest/api/token"
Traceback (most recent call last):
File "urllib3\connection.py", line 174, in _new_conn
File "urllib3\util\connection.py", line 95, in create_connection
File "urllib3\util\connection.py", line 85, in create_connection
TimeoutError: timed out
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "awscli\botocore\httpsession.py", line 448, in send
File "urllib3\connectionpool.py", line 799, in urlopen
File "urllib3\util\retry.py", line 525, in increment
File "urllib3\packages\six.py", line 770, in reraise
File "urllib3\connectionpool.py", line 715, in urlopen
File "urllib3\connectionpool.py", line 416, in _make_request
File "urllib3\connection.py", line 244, in request
File "http\client.py", line 1286, in request
File "awscli\botocore\awsrequest.py", line 94, in _send_request
File "http\client.py", line 1332, in _send_request
File "http\client.py", line 1281, in endheaders
File "awscli\botocore\awsrequest.py", line 122, in _send_output
File "awscli\botocore\awsrequest.py", line 206, in send
File "http\client.py", line 979, in send
File "urllib3\connection.py", line 205, in connect
File "urllib3\connection.py", line 179, in _new_conn
urllib3.exceptions.ConnectTimeoutError: (<botocore.awsrequest.AWSHTTPConnection object at 0x000001C7CB09C610>, 'Connection to 169.254.169.254 timed out. (connect timeout=1)')
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "awscli\botocore\utils.py", line 383, in _fetch_metadata_token
File "awscli\botocore\httpsession.py", line 483, in send
botocore.exceptions.ConnectTimeoutError: Connect timeout on endpoint URL: "http://169.254.169.254/latest/api/token"
2023-10-26 14:54:55,557 - MainThread - urllib3.connectionpool - DEBUG - Starting new HTTP connection (2): 169.254.169.254:80
2023-10-26 14:54:56,562 - MainThread - botocore.utils - DEBUG - Caught retryable HTTP exception while making metadata service request to http://169.254.169.254/latest/meta-data/iam/security-credentials/: Connect timeout on endpoint URL: "http://169.254.169.254/latest/meta-data/iam/security-credentials/"
Traceback (most recent call last):
File "urllib3\connection.py", line 174, in _new_conn
File "urllib3\util\connection.py", line 95, in create_connection
File "urllib3\util\connection.py", line 85, in create_connection
TimeoutError: timed out
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "awscli\botocore\httpsession.py", line 448, in send
File "urllib3\connectionpool.py", line 799, in urlopen
File "urllib3\util\retry.py", line 525, in increment
File "urllib3\packages\six.py", line 770, in reraise
File "urllib3\connectionpool.py", line 715, in urlopen
File "urllib3\connectionpool.py", line 416, in _make_request
File "urllib3\connection.py", line 244, in request
File "http\client.py", line 1286, in request
File "awscli\botocore\awsrequest.py", line 94, in _send_request
File "http\client.py", line 1332, in _send_request
File "http\client.py", line 1281, in endheaders
File "awscli\botocore\awsrequest.py", line 122, in _send_output
File "awscli\botocore\awsrequest.py", line 206, in send
File "http\client.py", line 979, in send
File "urllib3\connection.py", line 205, in connect
File "urllib3\connection.py", line 179, in _new_conn
urllib3.exceptions.ConnectTimeoutError: (<botocore.awsrequest.AWSHTTPConnection object at 0x000001C7CB09DE10>, 'Connection to 169.254.169.254 timed out. (connect timeout=1)')
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "awscli\botocore\utils.py", line 431, in _get_request
File "awscli\botocore\httpsession.py", line 483, in send
botocore.exceptions.ConnectTimeoutError: Connect timeout on endpoint URL: "http://169.254.169.254/latest/meta-data/iam/security-credentials/"
2023-10-26 14:54:56,564 - MainThread - botocore.utils - DEBUG - Max number of attempts exceeded (1) when attempting to retrieve data from metadata service.
2023-10-26 14:54:56,565 - MainThread - botocore.loaders - DEBUG - Loading JSON file: C:\Program Files\Amazon\AWSCLIV2\awscli\botocore\data\endpoints.json
2023-10-26 14:54:56,573 - MainThread - botocore.hooks - DEBUG - Event choose-service-name: calling handler <function handle_service_name_alias at 0x000001C7C990DF80>
2023-10-26 14:54:56,610 - MainThread - botocore.loaders - DEBUG - Loading JSON file: C:\Program Files\Amazon\AWSCLIV2\awscli\botocore\data\s3\2006-03-01\service-2.json
2023-10-26 14:54:56,652 - MainThread - botocore.loaders - DEBUG - Loading JSON file: C:\Program Files\Amazon\AWSCLIV2\awscli\botocore\data\s3\2006-03-01\endpoint-rule-set-1.json
2023-10-26 14:54:56,658 - MainThread - botocore.loaders - DEBUG - Loading JSON file: C:\Program Files\Amazon\AWSCLIV2\awscli\botocore\data\partitions.json
2023-10-26 14:54:56,659 - MainThread - botocore.hooks - DEBUG - Event creating-client-class.s3: calling handler <function add_generate_presigned_post at 0x000001C7C9858360>
2023-10-26 14:54:56,659 - MainThread - botocore.hooks - DEBUG - Event creating-client-class.s3: calling handler <function add_generate_presigned_url at 0x000001C7C98580E0>
2023-10-26 14:54:56,660 - MainThread - botocore.configprovider - DEBUG - Looking for endpoint for s3 via: environment_service
2023-10-26 14:54:56,662 - MainThread - botocore.configprovider - DEBUG - Looking for endpoint for s3 via: environment_global
2023-10-26 14:54:56,662 - MainThread - botocore.configprovider - DEBUG - Looking for endpoint for s3 via: config_service
2023-10-26 14:54:56,663 - MainThread - botocore.configprovider - DEBUG - Looking for endpoint for s3 via: config_global
2023-10-26 14:54:56,663 - MainThread - botocore.configprovider - DEBUG - No configured endpoint found.
2023-10-26 14:54:56,666 - MainThread - botocore.endpoint - DEBUG - Setting s3 timeout as (60, 60)
2023-10-26 14:54:56,671 - MainThread - botocore.utils - DEBUG - Registering S3 region redirector handler
2023-10-26 14:54:56,671 - MainThread - botocore.hooks - DEBUG - Event before-endpoint-resolution.s3: calling handler <function customize_endpoint_resolver_builtins at 0x000001C7C993A700>
2023-10-26 14:54:56,672 - MainThread - botocore.hooks - DEBUG - Event before-endpoint-resolution.s3: calling handler <bound method S3RegionRedirectorv2.redirect_from_cache of <botocore.utils.S3RegionRedirectorv2 object at 0x000001C7CC59D290>>
2023-10-26 14:54:56,673 - MainThread - botocore.regions - DEBUG - Calling endpoint provider with parameters: {'Region': 'us-east-1', 'UseFIPS': False, 'UseDualStack': False, 'ForcePathStyle': False, 'Accelerate': False, 'UseGlobalEndpoint': False, 'DisableMultiRegionAccessPoints': False, 'UseArnRegion': True}
2023-10-26 14:54:56,673 - MainThread - botocore.regions - DEBUG - Endpoint provider result: https://s3.us-east-1.amazonaws.com
2023-10-26 14:54:56,673 - MainThread - botocore.regions - DEBUG - Selecting from endpoint provider's list of auth schemes: "sigv4". User selected auth scheme is: "None"
2023-10-26 14:54:56,674 - MainThread - botocore.regions - DEBUG - Selected auth type "v4" as "v4" with signing context params: {'region': 'us-east-1', 'signing_name': 's3', 'disableDoubleEncoding': True}
2023-10-26 14:54:56,674 - MainThread - botocore.hooks - DEBUG - Event provide-client-params.s3.ListBuckets: calling handler <function base64_decode_input_blobs at 0x000001C7CB00ACA0>
2023-10-26 14:54:56,675 - MainThread - botocore.hooks - DEBUG - Event before-parameter-build.s3.ListBuckets: calling handler <function validate_bucket_name at 0x000001C7C99384A0>
2023-10-26 14:54:56,675 - MainThread - botocore.hooks - DEBUG - Event before-parameter-build.s3.ListBuckets: calling handler <function remove_bucket_from_url_paths_from_model at 0x000001C7C993A520>
2023-10-26 14:54:56,676 - MainThread - botocore.hooks - DEBUG - Event before-parameter-build.s3.ListBuckets: calling handler <bound method S3RegionRedirectorv2.annotate_request_context of <botocore.utils.S3RegionRedirectorv2 object at 0x000001C7CC59D290>>
2023-10-26 14:54:56,676 - MainThread - botocore.hooks - DEBUG - Event before-parameter-build.s3.ListBuckets: calling handler <function generate_idempotent_uuid at 0x000001C7C99382C0>
2023-10-26 14:54:56,677 - MainThread - botocore.hooks - DEBUG - Event before-call.s3.ListBuckets: calling handler <function add_expect_header at 0x000001C7C9938860>
2023-10-26 14:54:56,677 - MainThread - botocore.hooks - DEBUG - Event before-call.s3.ListBuckets: calling handler <function inject_api_version_header_if_needed at 0x000001C7C9939DA0>
2023-10-26 14:54:56,678 - MainThread - botocore.endpoint - DEBUG - Making request for OperationModel(name=ListBuckets) with params: {'url_path': '/', 'query_string': '', 'method': 'GET', 'headers': {'User-Agent': 'aws-cli/2.13.29 Python/3.11.6 Windows/10 exe/AMD64 prompt/off command/s3.ls'}, 'body': b'', 'url': 'https://s3.us-east-1.amazonaws.com/', 'context': {'client_region': 'us-east-1', 'client_config': <botocore.config.Config object at 0x000001C7CC55A890>, 'has_streaming_input': False, 'auth_type': 'v4', 'signing': {'region': 'us-east-1', 'signing_name': 's3', 'disableDoubleEncoding': True}, 's3_redirect': {'redirected': False, 'bucket': None, 'params': {}}}}
2023-10-26 14:54:56,678 - MainThread - botocore.hooks - DEBUG - Event request-created.s3.ListBuckets: calling handler <bound method RequestSigner.handler of <botocore.signers.RequestSigner object at 0x000001C7CC5442D0>>
2023-10-26 14:54:56,679 - MainThread - botocore.hooks - DEBUG - Event choose-signer.s3.ListBuckets: calling handler <function set_operation_specific_signer at 0x000001C7C9938180>
2023-10-26 14:54:56,681 - MainThread - botocore.hooks - DEBUG - Event before-sign.s3.ListBuckets: calling handler <function remove_arn_from_signing_path at 0x000001C7C993A660>
2023-10-26 14:54:56,683 - MainThread - awscli.clidriver - DEBUG - Exception caught in main()
Traceback (most recent call last):
File "awscli\clidriver.py", line 460, in main
File "awscli\customizations\commands.py", line 151, in call
File "awscli\customizations\commands.py", line 205, in call
File "awscli\customizations\s3\subcommands.py", line 505, in _run_main
File "awscli\customizations\s3\subcommands.py", line 570, in _list_all_buckets
File "awscli\botocore\client.py", line 342, in _api_call
File "awscli\botocore\client.py", line 687, in _make_api_call
File "awscli\botocore\client.py", line 707, in _make_request
File "awscli\botocore\endpoint.py", line 101, in make_request
File "awscli\botocore\endpoint.py", line 131, in _send_request
File "awscli\botocore\endpoint.py", line 114, in create_request
File "awscli\botocore\hooks.py", line 228, in emit
File "awscli\botocore\hooks.py", line 211, in _emit
File "awscli\botocore\signers.py", line 94, in handler
File "awscli\botocore\signers.py", line 166, in sign
File "awscli\botocore\auth.py", line 398, in add_auth
botocore.exceptions.NoCredentialsError: Unable to locate credentials
Possible Solution
No response
Additional Information/Context
No response
CLI version used
aws-cli/2.13.29 Python/3.11.6 Windows/10 exe/AMD64 prompt/off
Environment details (OS name and version, etc.)
Windows 11 Home 64 bit, Build version: 22621.2428
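Added example (not part of the issue and not AWS CLI code): a small Python parser that reads `aws ... --debug` output and reports which credential providers were consulted, whether the environment-variable provider was skipped because a profile was named explicitly, and how the lookup ended. The first sample is copied from the log above; the second sample, the `env` provider name and the `Found credentials in ...` INFO message are assumptions about botocore's logging that do not appear on this page.

```python
import re

# Excerpt of the --debug output posted in the issue (lines copied from the page).
ISSUE_LOG = """\
2023-10-26 14:54:54,522 - MainThread - botocore.session - DEBUG - Setting config variable for profile to 'user1'
2023-10-26 14:54:54,528 - MainThread - botocore.credentials - DEBUG - Skipping environment variable credential check because profile name was explicitly set.
2023-10-26 14:54:54,541 - MainThread - botocore.credentials - DEBUG - Looking for credentials via: assume-role
2023-10-26 14:54:54,541 - MainThread - botocore.credentials - DEBUG - Looking for credentials via: assume-role-with-web-identity
2023-10-26 14:54:54,541 - MainThread - botocore.credentials - DEBUG - Looking for credentials via: sso
2023-10-26 14:54:54,542 - MainThread - botocore.credentials - DEBUG - Looking for credentials via: shared-credentials-file
2023-10-26 14:54:54,543 - MainThread - botocore.credentials - DEBUG - Looking for credentials via: custom-process
2023-10-26 14:54:54,543 - MainThread - botocore.credentials - DEBUG - Looking for credentials via: config-file
2023-10-26 14:54:54,544 - MainThread - botocore.credentials - DEBUG - Looking for credentials via: ec2-credentials-file
2023-10-26 14:54:54,544 - MainThread - botocore.credentials - DEBUG - Looking for credentials via: boto-config
2023-10-26 14:54:54,544 - MainThread - botocore.credentials - DEBUG - Looking for credentials via: container-role
2023-10-26 14:54:54,545 - MainThread - botocore.credentials - DEBUG - Looking for credentials via: iam-role
botocore.exceptions.NoCredentialsError: Unable to locate credentials
"""

# Constructed contrast case (assumption, not from the page): no --profile given.
NO_PROFILE_LOG = """\
2023-10-26 15:00:00,001 - MainThread - botocore.credentials - DEBUG - Looking for credentials via: env
2023-10-26 15:00:00,002 - MainThread - botocore.credentials - INFO - Found credentials in environment variables.
"""

PROFILE_RE = re.compile(
    r"botocore\.session - DEBUG - Setting config variable for profile to '([^']*)'")
PROVIDER_RE = re.compile(
    r"botocore\.credentials - DEBUG - Looking for credentials via: (\S+)")
# Assumed success message; it is not present in the issue's log.
FOUND_RE = re.compile(r"botocore\.credentials - INFO - Found credentials in (.+?)\.?$")
SKIP_ENV = "Skipping environment variable credential check"
NO_CREDS = "NoCredentialsError"


def analyze(log_text):
    """Summarise credential resolution from AWS CLI --debug output."""
    report = {"profile": None, "env_skipped": False,
              "providers_tried": [], "source": None, "no_credentials": False}
    for line in log_text.splitlines():
        if m := PROFILE_RE.search(line):
            report["profile"] = m.group(1)
        elif SKIP_ENV in line:
            report["env_skipped"] = True
        elif m := PROVIDER_RE.search(line):
            report["providers_tried"].append(m.group(1))
        elif m := FOUND_RE.search(line):
            report["source"] = m.group(1)
        elif NO_CREDS in line:
            report["no_credentials"] = True
    return report


def diagnose(report):
    """Map a report to a short finding label (labels are made up for this example)."""
    if report["no_credentials"] and report["env_skipped"]:
        return "env-skipped-explicit-profile"
    if report["source"]:
        return "resolved:" + report["source"]
    if report["no_credentials"]:
        return "chain-exhausted"
    return "undetermined"


if __name__ == "__main__":
    for name, log in (("issue", ISSUE_LOG), ("no-profile", NO_PROFILE_LOG)):
        rep = analyze(log)
        print(name, diagnose(rep), rep["providers_tried"])
```

Running the same check over debug output from automation is a quick way to confirm which identity source a job actually used, rather than the one the operator assumed.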