'Amplify init' ignores AWS CLI specified named profile

[mobilequickie]

Do you want to request a feature or report a bug? Bug

What is the current behavior?
I have the unified AWS CLI installed and configured with a 'default' and a 'burner' named profile. When specifying the name profile, the assets are provisioned using my 'default' profile credentials from a different account. My named profiles are setup here: ~/.aws/credentials on a MacBook Pro.

If the current behavior is a bug, please provide the steps to reproduce and if possible a minimal demo of the problem.

Reproduction:
$ amplify init
$ Do you want to use an AWS profile? Yes
$ Please choose the profile you want to use: burner
$ amplify push
Result: Resources provisioned in the wrong account

What is the expected behavior?
To provision AWS resources using the specified AWS named profile credentials.

Which versions of Amplify CLI, and which OS are affected by this issue? Did this work in previous versions?
$ amplify --version
0.1.13

[UnleashedMind]

When you say you configured the aws cli to use the default profile. How did you configure it?

[heitorlessa]

I'm having the same issue except I see the issue earlier in the process:

$ amplify init
- Do you want to use an AWS profile? Yes
- Please choose the profile you want to use: amplify
...
<stack trace of Access Denied on cloudformation:CreateStack> using [Default] profile

Also noticed that it uses ~/.aws/credentials to load the list of profiles over ~/.aws/config.

If that helps, I basically lock down my default profile to only be able to Assume Roles in other accounts (which I set as profiles, ie demo, amplify, etc.).

[dmennis]

@UnleashedMind The default profile was configured way back using the AWS unified CLI. I then created a new named profile by updating the ~/.aws/credentials file. I'm on MacOS 10.13.6.

Here's what my AWS CLI named profiles look like:
~/.aws/credentials

[default]
aws_access_key_id = XXXXXXXXX
aws_secret_access_key = XXXXXXXXXXXXXXXXX

[burner]
aws_access_key_id = XXXXXXXXX
aws_secret_access_key = XXXXXXXXXXXXXXXXX

~/.aws/profile

[default]
output = json
region = us-west-2

[profile burner]
output = json
region = us-east-1

[shinynet]

It never even asks me for a profile. I have a profile configured using 'amplify configure'. Then when I start the init process I get this:

$ amplify init
? Choose your default editor: 
... bunch of other questions ...
Using default provider awscloudformation
AWS access credentials can not be detected.
? Setup new user (Y/n) n
? accessKeyId:  (<YOUR_ACCESS_KEY_ID>) 

My chosen profile is properly setup and and configured in .aws/config and .aws/configure, yet, it wants me give it my credentials rather than just asking for a profile name...

[lligato]

Same issue for me

[kernelsoe]

For me, I configured default profile using aws-cli. And the second profile using “amplify-cli”.

It works well right now. Did you manually added the keys?

[AdamMarton]

@kernelsoe how did you used amplify CLI without initializing it? (assuming you've used amplify configure to configure profile)

[kernelsoe]

@AdamMarton Of course, I init'ed the project folder. Sorry, I don't quite clear what do you mean?

[AdamMarton]

@kernelsoe amplify configure does not run for me on Windows.

[kaustavghosh06]

Published a new version of the CLI with a fix for this to npm -> 0.1.17. Please install it and feel free to re-open the issue if the problem still persists.

[dmennis]

I can confirm this issue has been fixed after installing Amplify CLI v0.1.17 on my Mac.

[msolimans]

Edited the file .config/local-aws-info.json and manually changed profile name

        "useProfile": true,
        "profileName": "MY_PROFILE_NAME"

[chrisfowler]

~/dev/qi-ui-admin release/v0.1* 38s
❯ amplify -v
0.2.1-multienv.43

~/dev/qi-ui-admin release/v0.1*
❯ node -v
v9.10.1

Mac OSX 10.14.1

---

First I setup a dev Amplify env in my development branch using amplify init and set it to use AWS profile [ws]. It deploys ok to the ws account profile. Then created release branch and used amplify init to create a new environment staging, and set it to use a different aws profile [qi].

The amplify init run to complete, but the root stack for staging env is created in account ws profile and not the qi profile.

~/dev/qi-ui-admin release/v0.1* 37s
❯ amplify env list

| Environments |
| ------------ |
| *dev         |


~/dev/qi-ui-admin release/v0.1*
❯ amplify init
Note: It is recommended to run this command from the root of your app directory
You're initializing your project with a beta version of the CLI which supports multiple environments of your project
? Do you want to use an existing environment? No
? Enter a name for the environment staging
Using default provider  awscloudformation

For more information on AWS Profiles, see:
https://docs.aws.amazon.com/cli/latest/userguide/cli-multiple-profiles.html

? Do you want to use an AWS profile? Yes
? Please choose the profile you want to use qi
⠹ Initializing project in the cloud...

CREATE_IN_PROGRESS qi-web-platform-20190208111129 AWS::CloudFormation::Stack Fri Feb 08 2019 11:11:29 GMT+0000 (GMT) User Initiated
CREATE_IN_PROGRESS DeploymentBucket               AWS::S3::Bucket            Fri Feb 08 2019 11:11:33 GMT+0000 (GMT)
CREATE_IN_PROGRESS AuthRole                       AWS::IAM::Role             Fri Feb 08 2019 11:11:33 GMT+0000 (GMT)
CREATE_IN_PROGRESS UnauthRole                     AWS::IAM::Role             Fri Feb 08 2019 11:11:34 GMT+0000 (GMT)
CREATE_IN_PROGRESS DeploymentBucket               AWS::S3::Bucket            Fri Feb 08 2019 11:11:34 GMT+0000 (GMT) Resource creation Initiated
CREATE_IN_PROGRESS UnauthRole                     AWS::IAM::Role             Fri Feb 08 2019 11:11:34 GMT+0000 (GMT) Resource creation Initiated
CREATE_IN_PROGRESS AuthRole                       AWS::IAM::Role             Fri Feb 08 2019 11:11:34 GMT+0000 (GMT) Resource creation Initiated
⠴ Initializing project in the cloud...

CREATE_COMPLETE UnauthRole                     AWS::IAM::Role             Fri Feb 08 2019 11:11:51 GMT+0000 (GMT)
CREATE_COMPLETE AuthRole                       AWS::IAM::Role             Fri Feb 08 2019 11:11:52 GMT+0000 (GMT)
CREATE_COMPLETE DeploymentBucket               AWS::S3::Bucket            Fri Feb 08 2019 11:11:55 GMT+0000 (GMT)
CREATE_COMPLETE qi-web-platform-20190208111129 AWS::CloudFormation::Stack Fri Feb 08 2019 11:11:58 GMT+0000 (GMT)
✔ Successfully created initial AWS cloud resources for deployments.
✔ Initialized provider successfully.
Initialized your environment successfully.

Your project has been successfully initialized and connected to the cloud!

Some next steps:
"amplify status" will show you what you've added already and if it's locally configured or deployed
"amplify <category> add" will allow you to add features like user login or a backend API
"amplify push" will build all your local backend resources and provision it in the cloud
"amplify publish" will build all your local backend and frontend resources (if you have hosting category added) and provision it in the cloud

Pro tip:
Try "amplify add api" to create a backend API and then "amplify publish" to deploy everything



~/dev/qi-ui-admin release/v0.1*
❯ amplify env list

| Environments |
| ------------ |
| dev          |
| *staging     |

---
~/.aws/credentials
[default]
aws_access_key_id=xxxxxx
aws_secret_access_key=xxxxxx/xxxxx
aws_default_region=eu-west-1

[ws]
aws_access_key_id=xxxxx
aws_secret_access_key=xxxxxx/xxxxxx
aws_default_region=eu-west-1

[qi]
aws_access_key=xxxxxx
aws_secret_access_key=x/xxxxxx/xxxxxx
aws-default_region=eu-west-1

---
~/.aws/profile
[profile qi]
region=eu-west-1
output=json

[profile ws]
region=eu-west-1
output=json

[default]
region=eu-west-1
output=json

---
~/.aws/config
[profile qi]
region=eu-west-1
output=json

[profile ws]
region=eu-west-1
output=json

[default]
region=eu-west-1
output=json

[chrisfowler]

OK this was my mistake: spot the error in above credentials file....

[qi]
aws_access_key=xxxxxx // should be aws_access_key_id

All sorted now. Deploying to requested account OK.

[sharelookapp]

I am experiencing this error in v1.12.0

during amplify init i indicated i wanted to use a profile and select the appropriate one.
instead, its using the default profile. i have to keep switching the key/access i need in default for it to work.

local-aws-info.json:
"useProfile": true,
"profileName": "projectx"

credentials:
[default]
aws_access_key_id=projectAkey
aws_secret_access_key=projectAsecret

[projectx]
aws_access_key_id=projectXkey
aws_secret_access_key=projectXsecret

config & profile
[default]
region=ap-southeast-1
output=json

[profile projectx]
region=ap-southeast-1
output=json

with the above settings, amplify push results in "access denied"
if i put projectXkey/secret into [default], i can push without issue.

[Anto-gh]

Hi,
I'm getting another error when trying to initialize,

? Please choose the profile you want to use XXX
init failed
Error: ENOENT: no such file or directory, open 'C:\Users\YYY\AppData\Roaming\SPB_Data\.aws\credentials'

The credential file is in fact located under C:\Users\YYY\.aws\credentials

...can anyone help please?

[github-actions]

This issue has been automatically locked since there hasn't been any recent activity after it was closed. Please open a new issue for related bugs.

Looking for a help forum? We recommend joining the Amplify Community Discord server *-help channels for those types of questions.