aquasecurity / trivy

Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
https://aquasecurity.github.io/trivy
Apache License 2.0

Failed to load AWS_PROFILE when using trivy vm ami:<ami_id> #6372

Open nikpivkin opened 3 months ago

nikpivkin commented 3 months ago

Discussed in https://github.com/aquasecurity/trivy/discussions/6370

Originally posted by **wangzhihaocom** March 22, 2024

### Description

After I run `export AWS_PROFILE=some_profile` and then run the command `trivy vm` to scan an AMI, I got the following error:

```
2024-03-21T19:04:42.318Z INFO Need to update DB
2024-03-21T19:04:42.318Z INFO DB Repository: ghcr.io/aquasecurity/trivy-db
2024-03-21T19:04:42.318Z INFO Downloading DB...
44.49 MiB / 44.49 MiB [---------------------------------------------------------------------------------------------] 100.00% 16.19 MiB p/s 2.9s
2024-03-21T19:04:45.685Z INFO Vulnerability scanning is enabled
2024-03-21T19:04:45.685Z INFO Secret scanning is enabled
2024-03-21T19:04:45.685Z INFO If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-03-21T19:04:45.685Z INFO Please see also https://aquasecurity.github.io/trivy/v0.49/docs/scanner/secret/#recommendation for faster secret detection
2024-03-21T19:04:45.701Z FATAL vm scan error: scan error: unable to initialize a scanner: unable to initialize a vm scanner: aws config load error: failed to get shared config profile, dev-cloud-iam-infra
```

But with the same AWS_PROFILE, I can use my aws cli command; this is the output:

```
aws s3 ls --profile dev-cloud-iam-infra
2024-02-08 21:04:51 cf-templates-j1vskhoonux6-ap-east-1
2024-02-08 20:19:54 cf-templates-j1vskhoonux6-ap-northeast-1
2024-02-08 22:41:46 cf-templates-j1vskhoonux6-ap-southeast-1
2024-02-22 00:25:55 cf-templates-j1vskhoonux6-us-east-1
2023-11-15 21:33:05 cf-templates-j1vskhoonux6-us-east-2
2024-03-21 18:00:56 infstones-logs-dev-cloud
2024-02-29 18:44:58 infstones-logs-test-dev-cloud
```

It seems something is wrong with trivy when exporting AWS_PROFILE; also, there is no aws_profile flag option when using trivy.

### Desired Behavior

After `export AWS_PROFILE=some__aws_profile`, trivy should scan the VM with that aws_profile.

### Actual Behavior

The actual behavior is:

1. `export AWS_PROFILE=dev-cloud-iam-infra`
2. When I run the scan `trivy vm -d --aws-region us-east-2 ami:ami-0130c365b91184af1`
3. I got this error:

   ```
   zhihao@ip-172-0-1-30 ~ (⎈|dev-cloud-eks-cluster-infpools-io:N/A) ~$ trivy vm -d --aws-region us-east-2 ami:ami-0130c365b91184af1
   2024-03-21T19:15:52.130Z DEBUG Severities: ["UNKNOWN" "LOW" "MEDIUM" "HIGH" "CRITICAL"]
   2024-03-21T19:15:52.132Z DEBUG Ignore statuses {"statuses": null}
   2024-03-21T19:15:52.137Z DEBUG Timeout is set to less than 30 min - upgrading to 30 min for this command.
   2024-03-21T19:15:52.140Z DEBUG cache dir: /home/zhihao/snap/trivy/271/.cache/trivy
   2024-03-21T19:15:52.140Z DEBUG DB update was skipped because the local DB is the latest
   2024-03-21T19:15:52.140Z DEBUG DB Schema: 2, UpdatedAt: 2024-03-21 18:10:27.594557904 +0000 UTC, NextUpdate: 2024-03-22 00:10:27.594557554 +0000 UTC, DownloadedAt: 2024-03-21 19:04:45.684887737 +0000 UTC
   2024-03-21T19:15:52.140Z INFO Vulnerability scanning is enabled
   2024-03-21T19:15:52.140Z DEBUG Vulnerability type: [os library]
   2024-03-21T19:15:52.141Z INFO Secret scanning is enabled
   2024-03-21T19:15:52.141Z INFO If your scanning is slow, please try '--scanners vuln' to disable secret scanning
   2024-03-21T19:15:52.141Z INFO Please see also https://aquasecurity.github.io/trivy/v0.49/docs/scanner/secret/#recommendation for faster secret detection
   2024-03-21T19:15:52.141Z DEBUG Enabling misconfiguration scanners: [azure-arm cloudformation dockerfile helm kubernetes terraform terraformplan]
   2024-03-21T19:15:52.141Z DEBUG No secret config detected: trivy-secret.yaml
   2024-03-21T19:15:52.141Z DEBUG The nuget packages directory couldn't be found. License search disabled
   2024-03-21T19:15:52.181Z FATAL vm scan error: github.com/aquasecurity/trivy/pkg/commands/artifact.Run /home/runner/work/trivy/trivy/pkg/commands/artifact/run.go:445 - scan error: github.com/aquasecurity/trivy/pkg/commands/artifact.(*runner).scanArtifact /home/runner/work/trivy/trivy/pkg/commands/artifact/run.go:269 - unable to initialize a scanner: github.com/aquasecurity/trivy/pkg/commands/artifact.scan /home/runner/work/trivy/trivy/pkg/commands/artifact/run.go:700 - unable to initialize a vm scanner: github.com/aquasecurity/trivy/pkg/commands/artifact.vmStandaloneScanner /home/runner/work/trivy/trivy/pkg/commands/artifact/scanner.go:118 - aws config load error: github.com/aquasecurity/trivy/pkg/cloud/aws/config.LoadDefaultAWSConfig /home/runner/work/trivy/trivy/pkg/cloud/aws/config/config.go:39 - failed to get shared config profile, dev-cloud-iam-infra
   ```

### Reproduction Steps

```bash
1. export AWS_PROFILE=dev-cloud-iam-infra
2. trivy vm -d --aws-region us-east-2 ami:ami-0130c365b91184af1
3. Error
zhihao@ip-172-0-1-30 ~ (⎈|dev-cloud-eks-cluster-infpools-io:N/A) ~$ trivy vm -d --aws-region us-east-2 ami:ami-0130c365b91184af1
2024-03-21T19:15:52.130Z DEBUG Severities: ["UNKNOWN" "LOW" "MEDIUM" "HIGH" "CRITICAL"]
2024-03-21T19:15:52.132Z DEBUG Ignore statuses {"statuses": null}
2024-03-21T19:15:52.137Z DEBUG Timeout is set to less than 30 min - upgrading to 30 min for this command.
2024-03-21T19:15:52.140Z DEBUG cache dir: /home/zhihao/snap/trivy/271/.cache/trivy
2024-03-21T19:15:52.140Z DEBUG DB update was skipped because the local DB is the latest
2024-03-21T19:15:52.140Z DEBUG DB Schema: 2, UpdatedAt: 2024-03-21 18:10:27.594557904 +0000 UTC, NextUpdate: 2024-03-22 00:10:27.594557554 +0000 UTC, DownloadedAt: 2024-03-21 19:04:45.684887737 +0000 UTC
2024-03-21T19:15:52.140Z INFO Vulnerability scanning is enabled
2024-03-21T19:15:52.140Z DEBUG Vulnerability type: [os library]
2024-03-21T19:15:52.141Z INFO Secret scanning is enabled
2024-03-21T19:15:52.141Z INFO If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-03-21T19:15:52.141Z INFO Please see also https://aquasecurity.github.io/trivy/v0.49/docs/scanner/secret/#recommendation for faster secret detection
2024-03-21T19:15:52.141Z DEBUG Enabling misconfiguration scanners: [azure-arm cloudformation dockerfile helm kubernetes terraform terraformplan]
2024-03-21T19:15:52.141Z DEBUG No secret config detected: trivy-secret.yaml
2024-03-21T19:15:52.141Z DEBUG The nuget packages directory couldn't be found. License search disabled
2024-03-21T19:15:52.181Z FATAL vm scan error: github.com/aquasecurity/trivy/pkg/commands/artifact.Run /home/runner/work/trivy/trivy/pkg/commands/artifact/run.go:445 - scan error: github.com/aquasecurity/trivy/pkg/commands/artifact.(*runner).scanArtifact /home/runner/work/trivy/trivy/pkg/commands/artifact/run.go:269 - unable to initialize a scanner: github.com/aquasecurity/trivy/pkg/commands/artifact.scan /home/runner/work/trivy/trivy/pkg/commands/artifact/run.go:700 - unable to initialize a vm scanner: github.com/aquasecurity/trivy/pkg/commands/artifact.vmStandaloneScanner /home/runner/work/trivy/trivy/pkg/commands/artifact/scanner.go:118 - aws config load error: github.com/aquasecurity/trivy/pkg/cloud/aws/config.LoadDefaultAWSConfig /home/runner/work/trivy/trivy/pkg/cloud/aws/config/config.go:39 - failed to get shared config profile, dev-cloud-iam-infra
```

### Target

AWS

### Scanner

Vulnerability

### Output Format

None

### Mode

None

### Debug Output

```bash
trivy vm -d --aws-region us-east-2 ami:ami-0130c365b91184af1
2024-03-21T19:15:52.130Z DEBUG Severities: ["UNKNOWN" "LOW" "MEDIUM" "HIGH" "CRITICAL"]
2024-03-21T19:15:52.132Z DEBUG Ignore statuses {"statuses": null}
2024-03-21T19:15:52.137Z DEBUG Timeout is set to less than 30 min - upgrading to 30 min for this command.
2024-03-21T19:15:52.140Z DEBUG cache dir: /home/zhihao/snap/trivy/271/.cache/trivy
2024-03-21T19:15:52.140Z DEBUG DB update was skipped because the local DB is the latest
2024-03-21T19:15:52.140Z DEBUG DB Schema: 2, UpdatedAt: 2024-03-21 18:10:27.594557904 +0000 UTC, NextUpdate: 2024-03-22 00:10:27.594557554 +0000 UTC, DownloadedAt: 2024-03-21 19:04:45.684887737 +0000 UTC
2024-03-21T19:15:52.140Z INFO Vulnerability scanning is enabled
2024-03-21T19:15:52.140Z DEBUG Vulnerability type: [os library]
2024-03-21T19:15:52.141Z INFO Secret scanning is enabled
2024-03-21T19:15:52.141Z INFO If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-03-21T19:15:52.141Z INFO Please see also https://aquasecurity.github.io/trivy/v0.49/docs/scanner/secret/#recommendation for faster secret detection
2024-03-21T19:15:52.141Z DEBUG Enabling misconfiguration scanners: [azure-arm cloudformation dockerfile helm kubernetes terraform terraformplan]
2024-03-21T19:15:52.141Z DEBUG No secret config detected: trivy-secret.yaml
2024-03-21T19:15:52.141Z DEBUG The nuget packages directory couldn't be found. License search disabled
2024-03-21T19:15:52.181Z FATAL vm scan error: github.com/aquasecurity/trivy/pkg/commands/artifact.Run /home/runner/work/trivy/trivy/pkg/commands/artifact/run.go:445 - scan error: github.com/aquasecurity/trivy/pkg/commands/artifact.(*runner).scanArtifact /home/runner/work/trivy/trivy/pkg/commands/artifact/run.go:269 - unable to initialize a scanner: github.com/aquasecurity/trivy/pkg/commands/artifact.scan /home/runner/work/trivy/trivy/pkg/commands/artifact/run.go:700 - unable to initialize a vm scanner: github.com/aquasecurity/trivy/pkg/commands/artifact.vmStandaloneScanner /home/runner/work/trivy/trivy/pkg/commands/artifact/scanner.go:118 - aws config load error: github.com/aquasecurity/trivy/pkg/cloud/aws/config.LoadDefaultAWSConfig /home/runner/work/trivy/trivy/pkg/cloud/aws/config/config.go:39 - failed to get shared config profile, dev-cloud-iam-infra
```

### Operating System

ubuntu 22.04

### Version

```bash
trivy --version
Version: 0.49.1
Vulnerability DB:
  Version: 2
  UpdatedAt: 2024-03-21 18:10:27.594557904 +0000 UTC
  NextUpdate: 2024-03-22 00:10:27.594557554 +0000 UTC
  DownloadedAt: 2024-03-21 19:04:45.684887737 +0000 UTC
```

### Checklist

- [ ] Run `trivy image --reset`
- [X] Read [the troubleshooting](https://aquasecurity.github.io/trivy/latest/docs/references/troubleshooting/)

wangzhihaocom commented 3 months ago

Hi, just wondering, is there any update on this issue?