Credentials issue introduced in 0.27.0 when running on EC2 instance. #163
Comments
|
Let me know how you invoke awscurl, and also how do you specify the
credentials (environment variable, command line, etc).
And thanks for reporting the issue.
…On Tue, May 2, 2023 at 3:35 PM Matt Harvey ***@***.***> wrote:
Hi. I have been using awscurl on an EC2 instance to call an API endpoint
that is secured via IAM permissions.
This worked fine under 0.26.0, but with the release of 0.27.0 I am now
encountering this error
File "/usr/local/bin/awscurl", line 11, in <module>
sys.exit(main())
File "/usr/local/lib/python3.6/site-packages/awscurl/awscurl.py", line 543, in main
inner_main(sys.argv[1:])
File "/usr/local/lib/python3.6/site-packages/awscurl/awscurl.py", line 508, in inner_main
args.profile)
File "/usr/local/lib/python3.6/site-packages/awscurl/awscurl.py", line 427, in load_aws_config
cred = session.get_credentials()
File "/usr/local/lib/python3.6/site-packages/botocore/session.py", line 449, in get_credentials
'credential_provider').load_credentials()
File "/usr/local/lib/python3.6/site-packages/botocore/session.py", line 897, in get_component
self._components[name] = factory()
File "/usr/local/lib/python3.6/site-packages/botocore/session.py", line 176, in <lambda>
lambda: botocore.credentials.create_credential_resolver(self))
File "/usr/local/lib/python3.6/site-packages/botocore/credentials.py", line 55, in create_credential_resolver
metadata_timeout = session.get_config_variable('metadata_service_timeout')
File "/usr/local/lib/python3.6/site-packages/botocore/session.py", line 265, in get_config_variable
elif self._found_in_config_file(methods, var_config):
File "/usr/local/lib/python3.6/site-packages/botocore/session.py", line 286, in _found_in_config_file
return var_config[0] in self.get_scoped_config()
File "/usr/local/lib/python3.6/site-packages/botocore/session.py", line 358, in get_scoped_config
raise ProfileNotFound(profile=profile_name)
botocore.exceptions.ProfileNotFound: The config profile (default) could not be found
The problem looks like it might have been caused by this change: 7b38c7f
?diff=split?diff=split?diff=split%3Fdiff%3Dsplit
<7b38c7f?diff=split?diff=split?diff=split%3Fdiff%3Dsplit>
Is this a known issue, or this there a workaround for the problem I could
apply?
Thanks.
—
Reply to this email directly, view it on GitHub
<#163>, or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AADUYXVYESPMQBZQX2BWT3TXEFV2RANCNFSM6AAAAAAXTRIPQM>
.
You are receiving this because you are subscribed to this thread.Message
ID: ***@***.***>
|
|
There are no environment variables or profile setup on the EC2 instance for authentication. What I am guessing was happening previously was the |
|
Alright I’ll recheck on ec2 instance. Which service are you accessing (ec2, lambda..)?On May 2, 2023, at 6:22 PM, Matt Harvey ***@***.***> wrote:
There are no environment variables or profile setup on the EC2 instance for authentication. What I am guessing was happening previously was the session = botocore.session.get_session() gets credentials for the execution role associated with the EC2 instance (I may be wrong though).
—Reply to this email directly, view it on GitHub, or unsubscribe.You are receiving this because you commented.Message ID: ***@***.***>
|
|
Lambda via API Gateway endpoint.
The API gateway endpoint is secured via IAM policy that restricts access based on AWS Organisation Units.
…________________________________
From: Igor Okulist ***@***.***>
Sent: Wednesday, 3 May 2023 11:42 am
To: okigan/awscurl ***@***.***>
Cc: Matt Harvey ***@***.***>; Author ***@***.***>
Subject: Re: [okigan/awscurl] Credentials issue introduced in 0.27.0 when running on EC2 instance. (Issue #163)
Alright I’ll recheck on ec2 instance. Which service are you accessing (ec2, lambda..)?On May 2, 2023, at 6:22 PM, Matt Harvey ***@***.***> wrote:
There are no environment variables or profile setup on the EC2 instance for authentication. What I am guessing was happening previously was the session = botocore.session.get_session() gets credentials for the execution role associated with the EC2 instance (I may be wrong though).
—Reply to this email directly, view it on GitHub, or unsubscribe.You are receiving this because you commented.Message ID: ***@***.***>
—
Reply to this email directly, view it on GitHub<#163 (comment)>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/ABHSEFSDHKDNVKBKOIMUKVDXEGLUTANCNFSM6AAAAAAXTRIPQM>.
You are receiving this because you authored the thread.Message ID: ***@***.***>
|
|
got pulled in with other items -- will review asap. |
|
Capturing nice way to repro in aws cloud shell: |
|
Output from the latest release: |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hi. I have been using awscurl on an EC2 instance to call an API endpoint that is secured via IAM permissions.
This worked fine under 0.26.0, but with the release of 0.27.0 I am now encountering this error
The problem looks like it might have been caused by this change: 7b38c7f?diff=split?diff=split?diff=split%3Fdiff%3Dsplit
Is this a known issue, or this there a workaround for the problem I could apply?
Thanks.
The text was updated successfully, but these errors were encountered: