-
Notifications
You must be signed in to change notification settings - Fork 468
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
configure-aws-credentials@v4 fails to create ~/.aws/credentials file #987
Comments
Hi @ICeZer0 thanks for reaching out. I think something like this captures what you're trying to do, can you confirm? on: push
jobs:
auth-with-account:
runs-on: ubuntu-latest
permissions:
id-token: write
contents: read
steps:
- name: Configure AWS Credentials v4
uses: aws-actions/configure-aws-credentials@v4
with:
aws-region: us-west-2
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
- name: Add profile
run: |
mkdir -p ~/.aws
echo "[default]" > ~/.aws/credentials
echo "aws_access_key_id = ${{ secrets.AWS_ACCESS_KEY_ID }}" >> ~/.aws/credentials
echo "aws_secret_access_key = ${{ secrets.AWS_SECRET_ACCESS_KEY }}" >> ~/.aws/credentials
- name: Print aws profile names
run: |
awk -F '[][]' '/^\[/{print $2}' ~/.aws/credentials
- name: Test credentials
run: |
aws s3 ls |
@tim-finnigan Yes! Since you added the region, you can also echo .aws/config |
Taking a second look, do you need the "add profile" job? My understanding is that configure-AWS-credentials will automatically create the default profile. |
All this action does is export environment variables. Basically, we're using the credentials you provide us to request temporary credentials from STS, and then exporting those credentials in to the environment. This is so later on, when your application goes through the standard credential resolution flow, it can pick up the session credential. You mentioned Python, so I'll link to the boto3 documentation on the credential resolution flow: Environment variables are number 3 in that list, so if there are environment variables that exist, they will be picked up before the SDK even tries to look at the configuration files. This action doesn't attempt to create configuration files at all. If you need the configuration files for some reason, you would need to do that yourself, which is the example that @tim-finnigan linked earlier. Since this isn't something that we've ever supported in the action, I'm going to close this issue. If it's something that you need, you can follow @tim-finnigan's example above. |
Comments on closed issues are hard for our team to see. |
Comments on closed issues are hard for our team to see. |
Describe the bug
aws-actions/configure-aws-credentials@v4
fails to create~/.aws/credentials
within the GitHub actions workflow container.I discovered this bug while troubleshooting an issue with boto3
botocore.exceptions.ProfileNotFound: The config profile (default) could not be found"
I double-checked this error by attempting to print the profile using
awk
Expected Behavior
This should create the following files
~/.aws/credentials
and~/.aws/config
Current Behavior
No folder exists
Reproduction Steps
Create a github action with the following step
Run the following command to check for the folder
Pipeline error: awk: fatal: cannot open file `/home/runner/.aws/credentials' for reading: No such file or directory
Possible Solution
No response
Additional Information/Context
Using aws configure fixes this issue
The text was updated successfully, but these errors were encountered: