Skip to content

Error: Could not load credentials from any providers - Caused by env var  #962

New issue
New issue
Closed
#1003
Closed
Error: Could not load credentials from any providers - Caused by env var #962
#1003
Labels
bugSomething isn't workingdocumentationThis is an issue with documentationp2
@Ca-moes

Description

@Ca-moes
Ca-moes
opened on Dec 29, 2023

Describe the bug

When running the action, if there was an environment variable with the name AWS_PROFILE set, it would throw the error:

Error: Could not load credentials from any providers

By removing this env var, the actions runs successfully.

Expected Behavior

Action to run without a problem, no matter which env vars I set on my workflow.

Current Behavior

My including a env var named AWS_PROFILE, the action fails with the error:

Error: Could not load credentials from any providers

Reproduction Steps

The workflow below creates two jobs, one of them works and the other fails:

name: Test aws action

on:
  push:

jobs:
  aws-auth-working:
    name: AWS Authentication working
    runs-on: ubuntu-latest
    permissions:
      id-token: write
      contents: read
    steps:
      - name: Configure AWS Credentials
        uses: aws-actions/configure-aws-credentials@v4    
        with:
          role-to-assume: arn:aws:iam::xxxxxxxxxxxx:role/github-actions-prod
          aws-region: eu-central-1

      - name: Get Caller Identity
        run: aws sts get-caller-identity
        shell: bash
    
      - name: Login to Amazon ECR
        id: login-ecr
        uses: aws-actions/amazon-ecr-login@v2

  aws-auth-not-working:
    name: AWS Authentication not working
    runs-on: ubuntu-latest
    permissions:
      id-token: write
      contents: read
    env:
      AWS_PROFILE: prod
    steps:
      - name: Configure AWS Credentials
        uses: aws-actions/configure-aws-credentials@v3     
        with:
          role-to-assume: arn:aws:iam::xxxxxxxxxxxx:role/github-actions-prod
          aws-region: eu-central-1
    
      - name: Get Caller Identity
        run: aws sts get-caller-identity
        shell: bash
  
      - name: Login to Amazon ECR
        id: login-ecr
        uses: aws-actions/amazon-ecr-login@v2

Possible Solution

The env var is referenced here:

configure-aws-credentials/dist/index.js

Lines 14636 to 14641 in 6e4af39

Object.defineProperty(exports, "__esModule", ({ value: true }));
exports.getProfileName = exports.DEFAULT_PROFILE = exports.ENV_PROFILE = void 0;
exports.ENV_PROFILE = "AWS_PROFILE";
exports.DEFAULT_PROFILE = "default";
const getProfileName = (init) => init.profile || process.env[exports.ENV_PROFILE] || exports.DEFAULT_PROFILE;
exports.getProfileName = getProfileName;

and here, only:

configure-aws-credentials/dist/cleanup/index.js

Lines 14048 to 14053 in 6e4af39

Object.defineProperty(exports, "__esModule", ({ value: true }));
exports.getProfileName = exports.DEFAULT_PROFILE = exports.ENV_PROFILE = void 0;
exports.ENV_PROFILE = "AWS_PROFILE";
exports.DEFAULT_PROFILE = "default";
const getProfileName = (init) => init.profile || process.env[exports.ENV_PROFILE] || exports.DEFAULT_PROFILE;
exports.getProfileName = getProfileName;

image

One possible fix could be to remove the following option || process.env[exports.ENV_PROFILE] || and turn that line into:

const getProfileName = (init) => init.profile || exports.DEFAULT_PROFILE;

Additional Information/Context

Is an env var defined at the job level used by all the lower level steps on a workflow? If yes, then it should be documented on this action to reserve these env var names, or overwrite them correctly, or choose a different method.

Metadata

Metadata

Assignees

No one assigned

    Labels

    bugSomething isn't workingdocumentationThis is an issue with documentationp2

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions