Skip to content

Assume role profile doesn't work #571

New issue
Jump to bottom
New issue
Jump to bottom
Open
Open
Assume role profile doesn't work#571
Labels
planning
@yermulnik

Description

@yermulnik
yermulnik
opened on Jun 16, 2023

I'm using assume role functionality by means of source_profile (https://docs.aws.amazon.com/cli/latest/topic/config-vars.html#using-aws-iam-roles) and it looks like s5cmd doesn't support this despite declaring it relies upon AWS SDK (https://github.com/peak/s5cmd#specifying-credentials):

> sed -n '/^\[ops-admin]/,/^$/p' ~/.aws/credentials.mycompany
[ops-admin]
role_arn = arn:aws:iam::XXXXXXXXXXXX:role/ops-admin
source_profile = default

> aws --profile ops-admin sts get-caller-identity
{
    "UserId": "AROA[…]:botocore-session-1686921474",
    "Account": "XXXXXXXXXXXX",
    "Arn": "arn:aws:sts::XXXXXXXXXXXX:assumed-role/ops-admin/botocore-session-1686921474"
}

> s5cmd --profile ops-admin ls s3://my-bucket-XXXXXXXXXXXX/
ERROR "ls s3://my-bucket-XXXXXXXXXXXX/": SharedCredsAccessKey: shared credentials ops-admin in /home/giermulnik/.aws/credentials.mycompany did not contain aws_access_key_id

Is there anything I can do to overcome this natively (apart from creating dedicated AWS CLI profile with AWS access creds in right it)?
Thanks.

Metadata

Assignees

No one assigned

    Labels

    planning

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions