Credentials caching is too aggressive

[Mjb141]

Describe the bug
Error suggesting invalid profile on machine with existing credentials file in use with aws cli

To Reproduce
After installing and ctrl+shift+p -> connect to AWS on a machine that already has a credentials file in the home directory, the user is given a list of profiles in the credentials file. Selecting either of my profiles returns an error "Credentials profile is invalid"

Expected behavior
AWS connects to that profile.

Screenshots

Same machine, same session, aws cli works using default profile:

Desktop (please complete the following information):

• OS: Windows 10
• Visual Studio Code Version: 1.36.1
• AWS Toolkit for Visual Studio Code Version: 1.0.0

[hunterwerlla]

Can you provide an example credentials file without any real resources or accounts that matches the structure of the file that is not working? My first thought is our validation is too tight, but we need an example to start to debug.

[Mjb141]

credentials - Copy.txt

Sure - added. Both keys are garbage random, but the format is precisely the same as the working credentials file.

(.txt only because of github upload filetype restrictions, actual file has no filetype)

[hunterwerlla]

@MichaelBrown08 can you try changing aws_access_key_id and aws_secret_key_id to lower case? it looks like we are not handling casing correctly and I was able to reproduce the by setting my own file to upper case.

[Mjb141]

That doesn't seem to have worked. Example file attached.

credentials - Copy.txt

[bryceitoc9]

@MichaelBrown08 Out of curiosity, have you restarted VS Code at any point in this process? Right now, our caching is a bit overreactive...the moment you load a credentials profile, it will cache whatever credentials are there throughout the duration of the extension being active. This means that changing the credentials to a valid set mid-flight won't work if you've already attempted to load the profile.

Could you try closing VS Code, updating your credentials (especially if they have an associated access token), and restarting VS Code/the extension?

[Mjb141]

@bryceitoc9 I have restarted several times, and uninstalled/reinstalled the extension. Not entirely sure I did so after changing the credentials file though.

To clarify, the text (both the keys and values) should be lower case? Or only the keys (aws_access_key_id,aws_secret_key_id)?

[hunterwerlla]

@MichaelBrown08 both keys should be lower case

[bryceitoc9]

The AWS credentials file should look like when the credentials profile is loaded for the first time in an IDE session.

[default]
aws_access_key_id=AKIAIOSFODNN7EXAMPLE
aws_secret_access_key=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY

(source: https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-files.html#cli-configure-files-where )

If you have an aws_session_token, this key name should also be in lower case. The values for all of these should remain in their native cases.

Additionally, do you have the AWS_SHARED_CREDENTIALS_FILE environment variable set? If so, we use that value first and otherwise default to the credentials file at ~/.aws/credentials second.

[Mjb141]

I don't have AWS_SHARED_CREDENTIALS_FILE set.

I'll uninstall the extension, change the file to that formatting and try again tomorrow morning.

[Mjb141]

This can be closed. I've managed to log in with existing credentials after uninstalling the extension, closing VSCode, lowercasing the keys in the credentials file and reinstalling the extension.

[hunterwerlla]

I'm going to relabel this as the root cause of your issue: our caching seems to be too aggressive

[jthom143]

Having a similar issue:

"Credentials profile is invalid" when trying to connect to that profile through AWS toolkit for Visual Studio Code.

Credentials profile was set up using aws configure and works file with the CLI.

credentials profile is in the following format:
[default]
aws_access_key_id = ###################
aws_secret_access_key = ########################

config file is the the following format:
[default]
region = us-gov-east-1

Tried restarting VS Code, uninstalling then reinstalling extension.

Not sure if this is due to an aggressive cache or if the govcloud is not supported with this extension (could not find any documentation regarding this).

Desktop:
Microsoft Windows 10
VS Code verion: 1.40.0
AWS toolkit version: 1.2.0

[Ragusignon]

Having Same Issue:

Getting "Credentails profile default is invalid" error while connecting to AWS in VS code. I have given AWS access key and secret key in lower case

Desktop:
Microsoft Windows 10
VS code version: 1.40.1
AWS toolkit version : 1.2.0

Tried restarting VS code and reinstalled VS code

Please help

[awschristou]

Hi @jthom143 , govcloud (and other partitions) are currently not supported from the toolkit. Govcloud support can be tracked from #810

Hi @Ragusignon , credential caching is per toolkit session currently. If you've restarted VS Code and were unsuccessful in using a credential, you likely have a separate issue. If you aren't using the a govcloud region, please open a new issue so that we can get more information and investigate.

[awschristou]

#876 helps with credentials caching by not holding on to invalid credentials. This is available in v1.5.0.

#888 helps with credentials caching by always using the latest version of a profile when logging in, if it has changed since the last time the toolkit used it during the same session. This change is now in review.

[awschristou]

A new version of the toolkit (v1.6.0) is now out. If you alter your credentials file while VS Code is open, these changes will now be picked up when you next select credentials within the toolkit, eliminating the need to restart VS Code.

I'm closing this issue out, because a few separate issues have been added to the comment stream. Please add new (separate) issues you find with the new version of the toolkit.