CloudPouch/CloudPouch.dev

application does not read profiles from config when credentials is missing

Opened this issue · 12 comments

10:54:06.151 › [main.js] AWS Config file exists = true at path /Users/***/.aws/config
10:54:06.167 › Error: ENOENT: no such file or directory, open '/Users/***/.aws/credentials'

I had to create an empty .aws/credentials to have the app load the profiles defined in .aws/config

Hi @Laurian, thank you for submitting this bug.

Yes, application expects the presence of ~/.aws/credentials file.

Out of curiosity, why you didn't have that file?

It kinda happened that way on a newly installed machine, just setup a single account with SSO and got only the config and not the credentials file

I see that's really uncommon, but can happen that someone has only SSO configuration.

Thanks again for submitting it. I will fix it in the next release :-)

Better error handling when there is no ~/.aws/credentials file has been added in version 1.15.3

I see that this issue is still open so I'll just continue the conversation even though a release supposedly addressed the issue.

I'm using AWS SSO. I have it all set up and working on the CLI with many profiles. I use aws sso login --profile <my-profile> to log in, which opens a browser window from which I can allow the authentication and I'm off to the races.

At no point do I use a .aws/credentials file, nor would I want to as this will store credentials on disk. The aws sso login process adds credentials to AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY.

How can I make this set up work with CloudPouch?

Hey @bwhaley I started working on this issue.

Indeed, right now CloudPouch expects ~/.aws/credentials and without it crashes.
image

As a temporary work-around solution you can add ~/.aws/credentials file with a FAKE credentials for default profiles

[default]
aws_access_key_id = FAKE
aws_secret_access_key = FAKE
cli_pager =

That will result in the error for this fake default profile obviously :-)
image
but you would be able to select other profiles which are defined in the ~/.aws/config.

Also, you don't need to execute the command aws sso login --profile <my-profile>. CloudPouch opens a web browser tab for you with an authentication message when you click on an SSO profile.
image

This did the trick for me, thank you!

I do find that when I choose a profile, then select another, I'm asked to authenticate again. With SSO, I should only need to authenticate once. The same credentials should be valid for all the profiles.

Same here, using aws-vault to manage my credentials. Created a temporary [default] profile in ~/.aws/credentials file with AWS_REGION, AWS_DEFAUILT_REGION, AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY variables, but still seeing the error that no credentials are found.

Hey @peteroruba, thanks for trying out CloudPouch.

Have you defined it using lowercase?

As specified in the AWS docs for ~/.aws/credentials.

[default] 
aws_access_key_id = AKIAIOSFODNN7EXAMPLE 
aws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY

@serverlesspolska thanks, that was it. For the record - I also had to add aws_session_token and now I am able to run it

I'm glad it solved the problem for you 😃

Regarding the aws_session_token, I guess it's because your credentials are temporary, right?

Yes, exactly. I wanted to run it with my regular account for a quick evaluation, but for regular use a dedicated IAM user definitely makes more sense.