Open mbunde opened 8 months ago
From quickly looking at aws-vault you would need to export your temporary credentials locally.
Something like this also might work, just set the profile to default or whatever aws-vault uses:
aws-vault exec USERNAME -- ./cloudgoat.py create vulnerable_lambda
It runs perfectly but fails at this during the terraform plan phase:
[cloudgoat] terraform init completed with no error code.
Planning failed. Terraform encountered an error while generating this plan.
╷
│ Error: No valid credential sources found
│
│   with provider["registry.terraform.io/hashicorp/aws"],
│   on provider.tf line 1, in provider "aws":
│    1: provider "aws" {
│
│ Please see https://registry.terraform.io/providers/hashicorp/aws
│ for more information about providing credentials.
│
│ Error: A Profile was specified along with the environment variables "AWS_ACCESS_KEY_ID" and
│ "AWS_SECRET_ACCESS_KEY". The Profile is now used instead of the environment variable credentials.
│
Ahh looks like aws-vault does not write to the ~/.aws/credentials
What might need to be done is to get the temporary credentials and put them in that file so CloudGoat can use the profile from the config file.
Something like this
aws-vault exec USERNAME -- env | grep AWS
vim ~/.aws/credentials
---
[cloudgoat]
aws_access_key_id = ASIA...
aws_secret_access_key = .....
aws_session_token = .........
---
./cloudgoat.py config profile
./cloudgoat.py create vulnerable_lambda
@mbunde Did this solve your issue?
Is it possible that when setting the profile in CloudGoat, it can reference profiles created in aws-vault? If this is possible, kindly guide the command structure in Linux to achieve the same.
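The manual steps suggested earlier in the thread (take the AWS_* variables that aws-vault sets, then paste them into a [cloudgoat] profile) can be scripted so the secrets never appear on screen. This is an added example, not part of the original thread and not CloudGoat or aws-vault code; the function name `write_cloudgoat_profile` and the file name in the usage comment are hypothetical.

```shell
#!/bin/sh
# Added example. Hypothetical usage, with this saved as write-profile.sh:
#   aws-vault exec USERNAME -- sh -c \
#     '. ./write-profile.sh && write_cloudgoat_profile "$HOME/.aws/credentials"'
#
# write_cloudgoat_profile FILE [PROFILE]
# Copies the temporary credentials found in the environment into PROFILE
# (default: cloudgoat) in FILE, replacing any earlier copy of that profile.
write_cloudgoat_profile() {
    file=$1
    profile=${2:-cloudgoat}

    # Refuse to write a partial profile: all three values are required.
    for v in AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN; do
        eval "val=\${$v:-}"
        [ -n "$val" ] || { echo "missing $v in environment" >&2; return 1; }
    done

    old_umask=$(umask)
    umask 077                          # anything created here is owner-only
    mkdir -p "$(dirname "$file")"
    [ -f "$file" ] || : > "$file"
    tmp=$(mktemp "$file.XXXXXX") || { umask "$old_umask"; return 1; }

    # Keep every other section; drop the old copy of the target profile.
    awk -v want="[$profile]" '
        /^\[/ { skip = ($0 == want) }
        !skip { print }
    ' "$file" > "$tmp"

    # Append the fresh credentials without echoing them to the terminal.
    {
        printf '[%s]\n' "$profile"
        printf 'aws_access_key_id = %s\n' "$AWS_ACCESS_KEY_ID"
        printf 'aws_secret_access_key = %s\n' "$AWS_SECRET_ACCESS_KEY"
        printf 'aws_session_token = %s\n' "$AWS_SESSION_TOKEN"
    } >> "$tmp"

    mv "$tmp" "$file"                  # replace in one step, mode stays 0600
    umask "$old_umask"
}
```

Afterwards `./cloudgoat.py config profile` and `./cloudgoat.py create vulnerable_lambda` are run outside `aws-vault exec`, as in the steps above. The credentials are temporary, so the profile has to be rewritten once the session expires.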