Build fails when passing AWS_ACCESS_KEY_ID because it assumes that key has access to bucket
What happened: Running packer to build an image, it would error on awscli commands when an access_key_id was passed in. The access_key is the key being used to create the instance with packer. I don't think it should be assumed that this key also has access to the s3 bucket.
What you expected to happen: When using an AWS_ACCESS_KEY_ID and not trying to use a private bucket, the build should default to using wget to obtain the binaries.
How to reproduce it (as minimally and precisely as possible): Use an AWS_ACCESS_KEY_ID that does not have permissions to a private bucket.
Anything else we need to know?: I think the core issue would be related to using aws s3 cp if an AWS_ACCESS_KEY_ID is set. If a user is using a session token, there is not an AWS_ACCESS_KEY_ID in the environment variables and it will default to wget. I would probably argue that is the norm on role-based permission. So if access to a private bucket is needed, it should probably be declared on the instance profile and triggered with something like PRIVATE_BUCKET vs. assuming to use aws cli just based on the presence of an access_key_id.
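
A sketch of the explicit opt-in the issue proposes, added here as an illustration and not taken from the project's scripts or written by the issue author. `PRIVATE_BUCKET` is the name suggested above; `BINARY_BUCKET_NAME`, `S3_PROBE` and both function names are assumptions made for this example.

```shell
#!/bin/sh
# Choose the download method from an explicit flag, never from the mere
# presence of AWS_ACCESS_KEY_ID (the build credential may have no S3 rights).

# select_fetch_method S3_URI -> prints "s3" or "wget"
#   PRIVATE_BUCKET unset or not "true": anonymous HTTPS download (wget).
#   PRIVATE_BUCKET=true: verify the credentials in scope can read the object
#   first; if they cannot, fail with a clear message, since an anonymous
#   wget against a private bucket would not succeed either.
select_fetch_method() {
  if [ "${PRIVATE_BUCKET:-false}" != "true" ]; then
    echo wget
    return 0
  fi
  # S3_PROBE is a hypothetical hook so the access check can be stubbed
  # offline; by default it runs "aws s3 ls" against the object.
  if ${S3_PROBE:-aws s3 ls} "$1" >/dev/null 2>&1; then
    echo s3
  else
    echo "PRIVATE_BUCKET=true but current credentials cannot read $1" >&2
    return 1
  fi
}

# fetch_binary KEY: download one object into the current directory.
# BINARY_BUCKET_NAME is an assumed variable holding the bucket name.
fetch_binary() {
  _method="$(select_fetch_method "s3://${BINARY_BUCKET_NAME}/$1")" || return 1
  if [ "$_method" = "s3" ]; then
    aws s3 cp "s3://${BINARY_BUCKET_NAME}/$1" .
  else
    wget "https://${BINARY_BUCKET_NAME}.s3.amazonaws.com/$1"
  fi
}
```

With this shape, a Packer build that exports `AWS_ACCESS_KEY_ID` only to launch the instance still takes the wget path unless `PRIVATE_BUCKET=true` is set.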