Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Assume role profile doesn't work #571

Open
yermulnik opened this issue Jun 16, 2023 · 4 comments
Open

Assume role profile doesn't work #571

yermulnik opened this issue Jun 16, 2023 · 4 comments
Labels
planning

Comments

@yermulnik
Copy link

I'm using assume role functionality by means of source_profile (https://docs.aws.amazon.com/cli/latest/topic/config-vars.html#using-aws-iam-roles) and it looks like s5cmd doesn't support this despite declaring it relies upon AWS SDK (https://github.com/peak/s5cmd#specifying-credentials):

> sed -n '/^\[ops-admin]/,/^$/p' ~/.aws/credentials.mycompany
[ops-admin]
role_arn = arn:aws:iam::XXXXXXXXXXXX:role/ops-admin
source_profile = default

> aws --profile ops-admin sts get-caller-identity
{
    "UserId": "AROA[…]:botocore-session-1686921474",
    "Account": "XXXXXXXXXXXX",
    "Arn": "arn:aws:sts::XXXXXXXXXXXX:assumed-role/ops-admin/botocore-session-1686921474"
}

> s5cmd --profile ops-admin ls s3://my-bucket-XXXXXXXXXXXX/
ERROR "ls s3://my-bucket-XXXXXXXXXXXX/": SharedCredsAccessKey: shared credentials ops-admin in /home/giermulnik/.aws/credentials.mycompany did not contain aws_access_key_id

Is there anything I can do to overcome this natively (apart from creating dedicated AWS CLI profile with AWS access creds in right it)?
Thanks.
@yermulnik
Copy link
Author 

> s5cmd version
v2.1.0-beta.1-3e08061

@yermulnik yermulnik mentioned this issue Jun 19, 2023
Merged
@omata
Copy link

omata commented Jun 21, 2023

Hello,

I tried to access an account using --profile to do a switch role but is its failing with ERROR "ls s3://my-bucket/": SharedCredsLoad: failed to get profile

I'm using versión 2.1.0 with the following command:

s5cmd --credentials-file ~/.aws/credentials --profile my-profile ls s3://my-bucket/

@yermulnik
Copy link
Author 

> s5cmd version
v2.1.0-beta.1-3e08061

Same did not contain aws_access_key_id error with v2.1.0-3efbbe8

@jcolfej
Copy link

jcolfej commented Sep 4, 2023

Hi all! I had exactly the same problem as you:

s5cmd --profile="prod" ls
ERROR "ls": SharedCredsAccessKey: shared credentials prod in /Users/jcolfej/.aws/credentials did not contain aws_access_key_id

The problem is a bad implementation of the AWS SDK authentication (I see these problems very often on AWS-related projects...).

But, good news, there's a way to "fix" the problem for now.
Instead of using the --profile argument, use the AWS_PROFILE environment variable:

AWS_PROFILE="prod" s5cmd ls

And it works ;)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
planning
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@ilkinulas @omata @yermulnik @jcolfej