We Keep Coding

aws configure list show me nothing

Assume I am on a Mac and I have a ~/.aws/config file:
[profile cicd]
region = us-west-2
output = json
[profile prod]
region = us-west-2
output = json
And also a ~/.aws/credentials file:
[cicd]
aws_access_key_id = 12345
aws_secret_access_key = 12345
[prod]
aws_access_key_id = 12345
aws_secret_access_key = 12345
If I run:
aws configure list
I get:
Name Value Type Location
---- ----- ---- --------
profile <not set> None None
access_key <not set> None None
secret_key <not set> None None
region <not set> None None
What have I done wrong?
Also, the company I work for has multiple AWS accounts. The cicd profile runs in one AWS account, and the prod runs in a different AWS account. A I supposed to record that fact in the AWS config files?

aws configure list just lists the current AWS credentials that you are using. It doesn't list all the available credentials you have configured on your system. The name of the command is really misleading.
It is currently showing that you have no credentials configured, because you haven't done anything to specify that you want to use one of those profiles in your config/credential files.
If you did something to select a profile, like:
export AWS_PROFILE=cicd
Then you would see some details about that particular profile when you run aws configure list.

AWS S3: Unable to load credentials into profile

When I access S3 from CLI, it returns the buckets.
aws s3 ls druid-s3-bucket
PRE pccpdevint/
PRE test-druid/
2022-03-15 21:41:36 4 tes
But from the SDK, it fails with the error
Unable to load credentials into profile [druidbotint]: AWS Access Key ID is not specified., com.amazonaws.auth.EC2ContainerCredentialsProviderWrapper#2ff8d560: Failed to connect to service endpoint: , com.amazonaws.auth.InstanceProfileCredentialsProvider#3cad42b9: Failed to connect to service endpoint: ]
at com.amazonaws.auth.AWSCredentialsProviderChain.getCredentials(AWSCredentialsProviderChain.java:136) ~[aws-java-sdk-core-1.12.37.jar:?]
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.getCredentialsFromContext(AmazonHttpClient.java:1266) ~[aws-java-sdk-core-1.12.37.jar:?]
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.runBeforeRequestHandlers(AmazonHttpClient.java:842) ~[aws-java-sdk-core-1.12.37.jar:?]
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.doExecute(AmazonHttpClient.java:792) ~[aws-java-sdk-core-1.12.37.jar:?]
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeWithTimer(AmazonHttpClient.java:779) ~[aws-java-sdk-core-1.12.37.jar:?]
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.execute(AmazonHttpClient.java:753) ~[aws-java-sdk-core-1.12.37.jar:?]
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.access$500(AmazonHttpClient.java:713) ~[aws-java-sdk-core-1.12.37.jar:?]
I have a custom role and I have an external process to look up credentials
Here is the aws/credential file
[default]
source_profile = druidbotint
role_arn = arn:aws:iam::1233:role/worker-role
role_session_name = druidbotsession
[druidbotint]
credential_process = awsconnect -u druid_s -a 1233 -r custom_role -p conf
Here is the aws/config file
[profile conf]
region = us-west-2
Any idea what could be going wrong?

terraform running ansible on ec2 instance

I have Terraform trying that is trying to run Ansible when creating an ec2 instance.
resource "aws_instance" "jenkins-master" {
depends_on = [aws_main_route_table_association.set-master-default-rt-assoc, aws_kms_alias.master_ebs_cmk]
provider = aws.region-master
ami = data.aws_ssm_parameter.linuxAmi.value
instance_type = var.instance-type
key_name = aws_key_pair.master-key.key_name
associate_public_ip_address = true
vpc_security_group_ids = [aws_security_group.jenkins-sg.id]
subnet_id = aws_subnet.master_subnet_1.id
ipv6_address_count = 1
root_block_device {
encrypted = false
volume_size = 30
}
provisioner "local-exec" {
command = <<EOF
aws --profile myprofile ec2 wait instance-status-ok --region us-east-1 --instance-ids ${self.id} \
&& ansible-playbook --extra-vars 'passed_in_hosts=tag_Name_${self.tags.Name}' ansible_templates/install_jenkins.yaml
EOF
}
}
My terraform works if I export the key id and secret of "myprofile" as environmental variables
export AWS_ACCESS_KEY_ID=XXXXXXXXXXXXXXXX
export AWS_SECRET_ACCESS_KEY=YYYYYYYYYYYYYYYYYYYYYYYYYYY
If I do not export "AWS_ACCESS_KEY_ID" and "AWS_SECRET_ACCESS_KEY" I get the following error
....
aws_instance.jenkins-master (local-exec): Executing: ["/bin/sh" "-c" "aws --profile myprofile ec2 wait instance-status-ok --region us-east-1 --instance-ids i-04db214244937ed60 \\\n&& ansible-playbook --extra-vars 'passed_in_hosts=tag_Name_jenkins_master_tf' ansible_templates/install_jenkins.yaml\n"]
....
aws_instance.jenkins-master (local-exec): [WARNING]: * Failed to parse /home/pcooke/workspace/learn-
aws_instance.jenkins-master (local-exec): terraform/modules/ansible_templates/inventory_aws/tf_aws_ec2.yml with auto
aws_instance.jenkins-master (local-exec): plugin: Insufficient boto credentials found. Please provide them in your
aws_instance.jenkins-master (local-exec): inventory configuration file or set them as environment variables.
aws_instance.jenkins-master (local-exec): [WARNING]: * Failed to parse /home/pcooke/workspace/learn-
aws_instance.jenkins-master (local-exec): terraform/modules/ansible_templates/inventory_aws/tf_aws_ec2.yml with yaml
aws_instance.jenkins-master (local-exec): plugin: Plugin configuration YAML file, not YAML inventory
aws_instance.jenkins-master (local-exec): [WARNING]: * Failed to parse /home/pcooke/workspace/learn-
aws_instance.jenkins-master (local-exec): terraform/modules/ansible_templates/inventory_aws/tf_aws_ec2.yml with ini
aws_instance.jenkins-master (local-exec): plugin: Invalid host pattern '---' supplied, '---' is normally a sign this is a
aws_instance.jenkins-master (local-exec): YAML file.
aws_instance.jenkins-master (local-exec): [WARNING]: Unable to parse /home/pcooke/workspace/learn-
aws_instance.jenkins-master (local-exec): terraform/modules/ansible_templates/inventory_aws/tf_aws_ec2.yml as an
aws_instance.jenkins-master (local-exec): inventory source
aws_instance.jenkins-master (local-exec): [WARNING]: No inventory was parsed, only implicit localhost is available
aws_instance.jenkins-master (local-exec): [WARNING]: provided hosts list is empty, only localhost is available. Note that
aws_instance.jenkins-master (local-exec): the implicit localhost does not match 'all'
aws_instance.jenkins-master (local-exec): [WARNING]: Could not match supplied host pattern, ignoring:
aws_instance.jenkins-master (local-exec): tag_Name_jenkins_master_tf
Is there a simple way to pass the AWS profile to Ansible so that Ansible can get the right key id and secret????

Is there a simple way to pass the AWS profile to Ansible so that Ansible can get the right key id and secret?
As what user is Ansible executing the task?
You should include the key id and secret in a config file on the system under that user:
$ cat /home/myuser/.aws/config
[default]
aws_access_key_id=...
aws_secret_access_key=...
region=...
output=...
This way, Ansible should read the key content from the system.
Another solution would be to add environment variables to the task:
- hosts: local_test
gather_facts: false
vars:
env_vars:
aws_access_key_id: abc
aws_secret_key: abc
tasks:
- name: Terraform stuff
shell: env
environment: "{{ env_vars }}"
register: my_env
- debug:
msg: "{{ my_env }}"
Note that describing secrets in a playbook isn't considered safe. In order to do that safely one can use Ansible-vault.

AWS CLI: The config profile could not be found

Currently working on deploying a yml file to CloudFormation and I have created this profile called awsbootsrap but when my script runs I get an error. My script:
#!/bin/bash
STACK_NAME=awsbootstrap
REGION=us-east-2c
CLI_PROFILE=awsbootstrap
EC2_INSTANCE_TYPE=t2.micro
# Deploy the CloudFormation template
echo $CLI_PROFILE
echo -e "\n\n=========== Deploying main.yml ==========="
aws cloudformation deploy --region $REGION --profile $CLI_PROFILE --stack-name $STACK_NAME --template-file main.yml --no-fail-on-empty-changeset --capabilities CAPABILITY_NAMED_IAM --parameter-overrides EC2InstanceType=$EC2_INSTANCE_TYPE
# If the deploy succeeded, show the DNS name of the created instance
if [ $? -eq 0 ]; then
aws cloudformation list-exports --profile awsbootstrap --query "Exports[?Name=='InstanceEndpoint'].Value"
fi
where $CLI_PROFILE=awsbootstrap
I get The config profile (awsbootstrap) could not be found
Running aws configure list-profile shows me my profile -> awsbootstrap
Running aws configure list shows
Name Value Type Location
---- ----- ---- --------
profile <not set> None None
access_key <not set> None None
secret_key <not set> None None
region <not set> None None
My ~/.aws/config looks like this (have also tried with us-east-1 / us-east-2):
[profile awsbootstrap]
region = us-east-2c
output = json
My ~/.aws/credentials looks like this:
[awsbootstrap]
aws_access_key_id = redacted
aws_secret_access_key = redacted
I have no env variables that are creating issues...

Errors occurred wher using Chef-solo+vagran+AWS+ Mac OS X

I intended to using Vagrant,Chef-solo to establish a AWS environment.But I got some errors that I can not solve.Anybody can help me?
The steps I used:
Install all necessary environment on Mac OS X: such as vagrant, vagrant plugin, virtual box, chef, chef plugin and so on.
Download vagrant configuration files:
git clone https://github.com/ICTatRTI/ict-chef-repo
Vagrantfile
# -*- mode: ruby -*-
# vi: set ft=ruby :
Vagrant.configure("2") do |config|
# All Vagrant configuration is done here. The most common configuration
# options are documented and commented below. For a complete reference,
# please see the online documentation at vagrantup.com.
#config.vm.box_url = "https://opscode-vm.s3.amazonaws.com/vagrant/opscode_ubuntu-12.04_chef-11.2.0.box"
#config.vm.box = "opscode-ubuntu-1204"
config.vm.box = "dummy"
config.vm.network :forwarded_port, guest: 80, host: 8888
config.vm.network :forwarded_port, guest: 3306, host: 3333
config.ssh.username = "ubuntu"
config.vm.provider :aws do |aws, override|
#config.vm.provider :aws do |aws|
aws.access_key_id = 'XXXXXXXXXXXXXXXQ'
aws.secret_access_key = 'XXXXXXXXXXXXXXXXXXXXXXXXXXXXX'
aws.keypair_name = "usr-aws-2013"
aws.availability_zone = "us-west-2c"
aws.instance_type = "t1.micro"
aws.region = "us-west-2"
aws.ami = "ami-0849a03f"
aws.security_groups = ['quicklaunch-1']
aws.tags = {
'Name' => 'tong',
'Description' => 'vagrant test'
}
override.ssh.private_key_path = "~/.ssh/usr-aws-2013.pem"
override.ssh.username = "ubuntu"
end
config.vm.provision :chef_solo do |chef|
chef.node_name = 'base'
chef.cookbooks_path = "./cookbooks"
chef.roles_path = "./roles"
chef.add_role "base"
chef.add_role "ushahidi"
end
end
Run:
vagrant up --provider=aws
Got the following errors
Bringing machine 'default' up with 'aws' provider...
WARNING: Nokogiri was built against LibXML version 2.8.0, but has dynamically loaded 2.9.1
[default] Warning! The AWS provider doesn't support any of the Vagrant
high-level network configurations (`config.vm.network`). They
will be silently ignored.
[default] Launching an instance with the following settings...
[default] -- Type: t1.micro
[default] -- AMI: ami-0849a03f
[default] -- Region: us-west-2
[default] -- Availability Zone: us-west-2c
[default] -- Keypair: usr-aws-2013
[default] -- Security Groups: ["quicklaunch-1"]
[default] -- Block Device Mapping: []
[default] -- Terminate On Shutdown: false
An error occurred while executing multiple actions in parallel.
Any errors that occurred are shown below.
An unexpected error ocurred when executing the action on the
'default' machine. Please report this as a bug:
The image id '[ami-0849a03f]' does not exist

Instance and AMI are different things and they have different numbers too. So if you have i-bddcf889 you cannot reference it in your Vagrantfile as ami-bddcf889.
Instead you don't have to create/start instance manually - you must provide ami from which Vagrant will create instance itself. For example take the one you made instance manually from.