Aws::Auth::STSProfileCredentialsProvider does not read from ~/.aws/credentials #1963

Open
@endgame

Describe the bug

Aws::Auth::STSProfileCredentialsProvider only looks at ~/.aws/config when trying to look up a profile, but the aws_access_key_id and aws_secret_access_key are conventionally stored in ~/.aws/credentials. This causes applications using this provider to fail to acquire credentials, while applications built using other SDKs and the AWS CLI correctly find credentials.

Expected Behavior

Aws::Auth::STSProfileCredentialsProvider should read keys from ~/.aws/credentials when looking for a named profile.

Current Behavior

Aws::Auth::STSProfileCredentialsProvider will only read keys from ~/.aws/config when evaluating a profile.

Reproduction Steps

The below code tells STSProfileCredentialsProvider to load credentials from the profile in argv[1], and then print the count of buckets in an s3:ListBuckets call:

```cpp
#include "config.h"

#include <aws/core/Aws.h>
#include <aws/core/utils/logging/LogLevel.h>
#include <aws/identity-management/auth/STSProfileCredentialsProvider.h>
#include <aws/s3/S3Client.h>
#include <aws/s3/model/HeadBucketRequest.h>
#include <iostream>
#include <memory>

int main(int argc, const char *argv[]) {
  if (argc < 2) {
    std::cerr << "Usage: " << argv[0] << " PROFILENAME" << std::endl;
    return 1;
  }

  // Debug logging makes the SDK's profile and credential lookup visible.
  Aws::SDKOptions options;
  options.loggingOptions.logLevel = Aws::Utils::Logging::LogLevel::Debug;
  Aws::InitAPI(options);

  // Resolve credentials for the profile named on the command line.
  Aws::S3::S3Client client(
    std::make_shared<Aws::Auth::STSProfileCredentialsProvider>(argv[1])
  );
  auto outcome = client.ListBuckets();
  if (outcome.IsSuccess()) {
    std::cout << outcome.GetResult().GetBuckets().size() << " buckets" << std::endl;
  } else {
    std::cout << "Error: " << outcome.GetError() << std::endl;
  }

  Aws::ShutdownAPI(options);
  return 0;
}
```

With aws_access_key_id and aws_secret_access_key in ~/.aws/credentials, this code will print 0 buckets. It will list the correct number of buckets if the key fields are instead set in ~/.aws/config.

Possible Solution

STSProfileCredentialsProvider should read the ~/.aws/credentials file when trying to load a profile.

Additional Information/Context

No response

AWS CPP SDK version used

1.9.238

Compiler and Version used

gcc 11.3.0

Operating System and version

Linux 5.15.43 on x86_64
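
An added diagnostic, not part of the issue or the SDK: it parses both shared files and reports which one supplies a profile's static keys, without printing them, so a profile whose keys sit only in ~/.aws/credentials can be spotted before it is handed to STSProfileCredentialsProvider. The function names and the sample file contents are constructed for illustration; checking the credentials file first mirrors the AWS CLI's documented precedence.

```cpp
#include <iostream>
#include <map>
#include <sstream>
#include <string>
using Profiles = std::map<std::string, std::map<std::string, std::string>>;
// Constructed sample file contents (placeholder values, not real keys).
const std::string kSampleConfig = "[profile base]\nregion = us-east-1\n[profile legacy]\n"
    "aws_access_key_id = EXAMPLEKEYID\naws_secret_access_key = EXAMPLESECRET\n";
const std::string kSampleCredentials =
    "[base]\naws_access_key_id = EXAMPLEKEYID\naws_secret_access_key = EXAMPLESECRET\n";
static std::string trim(const std::string& s) {
  const auto b = s.find_first_not_of(" \t\r");
  return b == std::string::npos ? "" : s.substr(b, s.find_last_not_of(" \t\r") - b + 1);
}

// Parse shared-file INI text. ~/.aws/config names profiles "[profile NAME]",
// ~/.aws/credentials names them "[NAME]"; both are normalised to NAME.
Profiles parseShared(const std::string& text, bool isConfigFile) {
  Profiles out;
  std::istringstream in(text);
  std::string line, section;
  while (std::getline(in, line)) {
    line = trim(line);
    if (line.empty() || line[0] == '#' || line[0] == ';') continue;
    if (line.front() == '[' && line.back() == ']') {
      section = trim(line.substr(1, line.size() - 2));
      if (isConfigFile && section.rfind("profile ", 0) == 0) section = trim(section.substr(8));
      continue;
    }
    const auto eq = line.find('=');
    if (eq != std::string::npos && !section.empty()) out[section][trim(line.substr(0, eq))] = trim(line.substr(eq + 1));
  }
  return out;
}

// Name the file that holds a complete key pair for the profile; key values are never returned.
std::string keySource(const Profiles& config, const Profiles& creds, const std::string& name) {
  auto has = [&](const Profiles& p) {
    auto it = p.find(name);
    return it != p.end() && it->second.count("aws_access_key_id") && it->second.count("aws_secret_access_key");
  };
  if (has(creds)) return "credentials";  // checked first, as the AWS CLI does
  if (has(config)) return "config";
  return "none";
}
int main() {
  const Profiles cfg = parseShared(kSampleConfig, true), crd = parseShared(kSampleCredentials, false);
  for (const char* p : {"base", "legacy", "missing"}) std::cout << p << ": " << keySource(cfg, crd, p) << "\n";
}
```

A profile reported as `credentials` is the case this issue describes; to check real files, read them into strings and pass them to `parseShared` in place of the samples.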

Labels: bug (This issue is a bug.), p2 (This is a standard priority issue)