Default env vars are aggressively chosen over specific env vars

[davidtwamley]

Orb Version 1.0.15

Default env vars AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY win over specific env vars like AWS_ACCESS_KEY_ID_BLUE and AWS_SECRET_ACCESS_KEY_BLUE when all are present. When using a config like the one found in the example

      - aws-s3/sync:
          arguments: |
            --acl public-read \
            --cache-control "max-age=86400"
          aws-access-key-id: AWS_ACCESS_KEY_ID_BLUE
          aws-region: AWS_REGION_BLUE
          aws-secret-access-key: AWS_SECRET_ACCESS_KEY_BLUE

You can break that example by creating environment vars named AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY with junk values.

I expect "defaults" to be fall back values in this scenario.

We worked around it by naming both sets with suffixes and staying away from the default key names.

[gmemstr]

Very interesting - I can't see any reason why AWS_ACCESS_KEY_ID would take priority over AWS_ACCESS_KEY_ID_BLUE. Going to take this one internally.

[gmemstr]

It would appear that the env vars are being chosen by the AWS CLI - if I'm reading correctly, it will prefer the default environment variable names https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-envvars.html

[fr-ser]

If I set "override values" in the orb I would expect those to take precedence (even if my organization has some defaults in the environment). How about adding --profile default to the aws cli command? Edit: Or better yet. Instead of using profiles at all we could use the provided variables to use them in the line of the command itself. So: AWS_SECRET_KEY=... aws s3 cp

[EricRibeiro]

Hi folks!

Thank you for bringing this to our attention and for the suggestions.

This orb is meant to be an interface with the AWS CLI. Since the behaviour described in this issue exists by design, modifying it would defeat the purpose of the orb.