-
-
Notifications
You must be signed in to change notification settings - Fork 356
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Receiving an error="NoCredentialProviders: #89
Comments
This does look like a bug. Not sure what the cause is. Perhaps some AWS Go SDK issue? If anyone has a chance to dig in and take a look, I believe this is where we configure the session for auth: https://github.com/gruntwork-io/cloud-nuke/blob/master/aws/aws.go#L40 |
I am an encountering what I believe to be a similar issue. My use case is to use issue a command on account A -and role A to account B role B. And with the credentials from account B role B, run the cloud-nuke. However, it is querying for resources belonging to account A. -- I suspect that, as you mentioned, there is an issue in the AWS Go SDK. Similar to in the past, where the 'boto' library could not make use of roles for containers. If you wanted to use roles with containers, you had to use boto3 library. I am speculating that there is an issue with the AWS Go SDK such that it is not providing the 'account' ID for the assumed role, and instead (in my case, providing the original account ID), and in the submitter's case, providing 'no id' (no credentials). --- Unfortunately I do not have a solution to this either. |
bash-5.0$ aws sts get-caller-identity |
This is a bug in the SDK https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html. It specifically identifies the order in which credentials will be used. The behavior is different from the documentation. You can get around the issue by explicitly setting AWS_ACCESS_ID, AWS_SECRET_ACCESS_KEY, (and) AWS_SESSION_TOKEN, at which point, the GO SDK will then properly use the credentials you expect, and cloud-nuke (in my case) will execute commands looking for resources in the correct account |
I have export AWS_SDK_LOAD_CONFIG=true
export AWS_PROFILE=foobar
cloud-nuke aws --dry-run |
This fixed my issue 100% |
Given this issue has already been solved, I am closing this issue :) |
I am trying this out for the first time and I was stopped in my tracks and don't know how to troubleshoot further. I use an AWS profile configuration to assume a role in an account. Is this supported? Am I overlooking something obvious?
The text was updated successfully, but these errors were encountered: