kubernetes-sigs/aws-iam-authenticator

Can't get credentials when AWS_ACCESS_KEY_ID has a forward slash

pjungwir opened this issue · 1 comments

If your AWS_ACCESS_KEY_ID contains a forward slash, then aws-iam-authenticator fails to retrieve credentials, because it builds a slash-separated string with your key id and a few other items. The error looks like this:

$ export AWS_ACCESS_KEY_ID=foo/bar
$ kubectl --kubeconfig foo.yaml get pods
could not get token: IncompleteSignature: Credential must have exactly 5 slash-delimited elements, e.g. keyid/date/region/service/term, got 'foo/bar/20210531/us-east-1/sts/aws4_request'
        status code: 400, request id: 3ff1757d-0989-4c91-b3f8-f778d67495d9
could not get token: IncompleteSignature: Credential must have exactly 5 slash-delimited elements, e.g. keyid/date/region/service/term, got 'foo/bar/20210531/us-east-1/sts/aws4_request'
        status code: 400, request id: 7f97ed26-8955-4ed8-ad0d-9854434b076e
could not get token: IncompleteSignature: Credential must have exactly 5 slash-delimited elements, e.g. keyid/date/region/service/term, got 'foo/bar/20210531/us-east-1/sts/aws4_request'
        status code: 400, request id: 86d33b16-b24b-4195-90be-e5faa43306ef
could not get token: IncompleteSignature: Credential must have exactly 5 slash-delimited elements, e.g. keyid/date/region/service/term, got 'foo/bar/20210531/us-east-1/sts/aws4_request'
        status code: 400, request id: 6893d286-40ab-49db-982a-609f6f48b9db
could not get token: IncompleteSignature: Credential must have exactly 5 slash-delimited elements, e.g. keyid/date/region/service/term, got 'foo/bar/20210531/us-east-1/sts/aws4_request'
        status code: 400, request id: caeb18a4-5aad-4cd8-819d-bd780830fc4b
Unable to connect to the server: getting credentials: exec: executable aws-iam-authenticator failed with exit code 1

Oh I just realized I had my access key ID and access key swapped. I don't think slashes can appear in the key ID, only the secret, so using slash as a delimiter should be safe. Sorry!
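An added example, not part of the original issue or the aws-iam-authenticator code base: a Go pre-flight check that rejects a malformed AWS_ACCESS_KEY_ID before the five-element credential scope is built, so a swapped secret key is never sent in the Credential field or echoed in an error message. The function names, the sample key ID and the key-ID pattern (16 to 128 word characters, the constraint given in the IAM API reference) are assumptions.

```go
package main

import (
	"errors"
	"fmt"
	"regexp"
	"strings"
)

// Assumption: access key IDs are 16-128 word characters (the pattern given in
// the IAM API reference), so a valid key ID never contains '/'.
var keyIDPattern = regexp.MustCompile(`^[A-Za-z0-9_]{16,128}$`)

var errBadKeyID = errors.New("AWS_ACCESS_KEY_ID is malformed (swapped with the secret key?)")

// ValidateKeyID rejects a key ID that would corrupt the credential scope.
// The value itself is never placed in the error, since it may be a secret.
func ValidateKeyID(keyID string) error {
	if !keyIDPattern.MatchString(keyID) {
		return errBadKeyID
	}
	return nil
}

// CredentialScope builds keyid/date/region/service/aws4_request, the
// five-element string the STS error in this issue refers to.
func CredentialScope(keyID, date, region, service string) (string, error) {
	if err := ValidateKeyID(keyID); err != nil {
		return "", err
	}
	return strings.Join([]string{keyID, date, region, service, "aws4_request"}, "/"), nil
}

// ScopeElements counts slash-delimited elements, mirroring the server-side check.
func ScopeElements(scope string) int {
	return len(strings.Split(scope, "/"))
}

func main() {
	// "foo/bar" is the value from the issue; the second key ID is constructed.
	for _, id := range []string{"foo/bar", "AKIAEXAMPLEEXAMPLE12"} {
		scope, err := CredentialScope(id, "20210531", "us-east-1", "sts")
		if err != nil {
			fmt.Println("rejected before signing:", err)
			continue
		}
		fmt.Println(ScopeElements(scope), "elements:", scope)
	}
}
```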