Originally posted by **wangzhihaocom** March 22, 2024
### Description
After I run `export AWS_PROFILE=some_profile` and then I run the command `trivy vm` to scan an AMI , and I got this following error
`2024-03-21T19:04:42.318Z INFO Need to update DB
2024-03-21T19:04:42.318Z INFO DB Repository: ghcr.io/aquasecurity/trivy-db
2024-03-21T19:04:42.318Z INFO Downloading DB...
44.49 MiB / 44.49 MiB [---------------------------------------------------------------------------------------------] 100.00% 16.19 MiB p/s 2.9s
2024-03-21T19:04:45.685Z INFO Vulnerability scanning is enabled
2024-03-21T19:04:45.685Z INFO Secret scanning is enabled
2024-03-21T19:04:45.685Z INFO If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-03-21T19:04:45.685Z INFO Please see also https://aquasecurity.github.io/trivy/v0.49/docs/scanner/secret/#recommendation for faster secret detection
2024-03-21T19:04:45.701Z FATAL vm scan error: scan error: unable to initialize a scanner: unable to initialize a vm scanner: aws config load error: failed to get shared config profile, dev-cloud-iam-infra`
But I use the same AWS_PROFILE , i can use my aws cli command as this the output
`aws s3 ls --profile dev-cloud-iam-infra`
2024-02-08 21:04:51 cf-templates-j1vskhoonux6-ap-east-1
2024-02-08 20:19:54 cf-templates-j1vskhoonux6-ap-northeast-1
2024-02-08 22:41:46 cf-templates-j1vskhoonux6-ap-southeast-1
2024-02-22 00:25:55 cf-templates-j1vskhoonux6-us-east-1
2023-11-15 21:33:05 cf-templates-j1vskhoonux6-us-east-2
2024-03-21 18:00:56 infstones-logs-dev-cloud
2024-02-29 18:44:58 infstones-logs-test-dev-cloud
Seems something wrong with trivy when export the AWS_PROFILE, and other is also there is no aws_profile flag option when using trivy
### Desired Behavior
After `export AWS_PROFILE=some__aws_profile`, the trivy should scan the VM with that aws_profie
### Actual Behavior
The actual Behavior is :
1. `export AWS_PROFILE=dev-cloud-iam-infra`
2. When I run the scan trivy vm -d --aws-region us-east-2 ami:ami-0130c365b91184af1
3. I got this error
`zhihao@ip-172-0-1-30 ~ (⎈|dev-cloud-eks-cluster-infpools-io:N/A) ~$ trivy vm -d --aws-region us-east-2 ami:ami-0130c365b91184af1
2024-03-21T19:15:52.130Z DEBUG Severities: ["UNKNOWN" "LOW" "MEDIUM" "HIGH" "CRITICAL"]
2024-03-21T19:15:52.132Z DEBUG Ignore statuses {"statuses": null}
2024-03-21T19:15:52.137Z DEBUG Timeout is set to less than 30 min - upgrading to 30 min for this command.
2024-03-21T19:15:52.140Z DEBUG cache dir: /home/zhihao/snap/trivy/271/.cache/trivy
2024-03-21T19:15:52.140Z DEBUG DB update was skipped because the local DB is the latest
2024-03-21T19:15:52.140Z DEBUG DB Schema: 2, UpdatedAt: 2024-03-21 18:10:27.594557904 +0000 UTC, NextUpdate: 2024-03-22 00:10:27.594557554 +0000 UTC, DownloadedAt: 2024-03-21 19:04:45.684887737 +0000 UTC
2024-03-21T19:15:52.140Z INFO Vulnerability scanning is enabled
2024-03-21T19:15:52.140Z DEBUG Vulnerability type: [os library]
2024-03-21T19:15:52.141Z INFO Secret scanning is enabled
2024-03-21T19:15:52.141Z INFO If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-03-21T19:15:52.141Z INFO Please see also https://aquasecurity.github.io/trivy/v0.49/docs/scanner/secret/#recommendation for faster secret detection
2024-03-21T19:15:52.141Z DEBUG Enabling misconfiguration scanners: [azure-arm cloudformation dockerfile helm kubernetes terraform terraformplan]
2024-03-21T19:15:52.141Z DEBUG No secret config detected: trivy-secret.yaml
2024-03-21T19:15:52.141Z DEBUG The nuget packages directory couldn't be found. License search disabled
2024-03-21T19:15:52.181Z FATAL vm scan error:
github.com/aquasecurity/trivy/pkg/commands/artifact.Run
/home/runner/work/trivy/trivy/pkg/commands/artifact/run.go:445
- scan error:
github.com/aquasecurity/trivy/pkg/commands/artifact.(*runner).scanArtifact
/home/runner/work/trivy/trivy/pkg/commands/artifact/run.go:269
- unable to initialize a scanner:
github.com/aquasecurity/trivy/pkg/commands/artifact.scan
/home/runner/work/trivy/trivy/pkg/commands/artifact/run.go:700
- unable to initialize a vm scanner:
github.com/aquasecurity/trivy/pkg/commands/artifact.vmStandaloneScanner
/home/runner/work/trivy/trivy/pkg/commands/artifact/scanner.go:118
- aws config load error:
github.com/aquasecurity/trivy/pkg/cloud/aws/config.LoadDefaultAWSConfig
/home/runner/work/trivy/trivy/pkg/cloud/aws/config/config.go:39
- failed to get shared config profile, dev-cloud-iam-infra`
### Reproduction Steps
```bash
1. export AWS_PROFILE=dev-cloud-iam-infra
2. trivy vm -d --aws-region us-east-2 ami:ami-0130c365b91184af1
3. Error
zhihao@ip-172-0-1-30 ~ (⎈|dev-cloud-eks-cluster-infpools-io:N/A) ~$ trivy vm -d --aws-region us-east-2 ami:ami-0130c365b91184af1
2024-03-21T19:15:52.130Z DEBUG Severities: ["UNKNOWN" "LOW" "MEDIUM" "HIGH" "CRITICAL"]
2024-03-21T19:15:52.132Z DEBUG Ignore statuses {"statuses": null}
2024-03-21T19:15:52.137Z DEBUG Timeout is set to less than 30 min - upgrading to 30 min for this command.
2024-03-21T19:15:52.140Z DEBUG cache dir: /home/zhihao/snap/trivy/271/.cache/trivy
2024-03-21T19:15:52.140Z DEBUG DB update was skipped because the local DB is the latest
2024-03-21T19:15:52.140Z DEBUG DB Schema: 2, UpdatedAt: 2024-03-21 18:10:27.594557904 +0000 UTC, NextUpdate: 2024-03-22 00:10:27.594557554 +0000 UTC, DownloadedAt: 2024-03-21 19:04:45.684887737 +0000 UTC
2024-03-21T19:15:52.140Z INFO Vulnerability scanning is enabled
2024-03-21T19:15:52.140Z DEBUG Vulnerability type: [os library]
2024-03-21T19:15:52.141Z INFO Secret scanning is enabled
2024-03-21T19:15:52.141Z INFO If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-03-21T19:15:52.141Z INFO Please see also https://aquasecurity.github.io/trivy/v0.49/docs/scanner/secret/#recommendation for faster secret detection
2024-03-21T19:15:52.141Z DEBUG Enabling misconfiguration scanners: [azure-arm cloudformation dockerfile helm kubernetes terraform terraformplan]
2024-03-21T19:15:52.141Z DEBUG No secret config detected: trivy-secret.yaml
2024-03-21T19:15:52.141Z DEBUG The nuget packages directory couldn't be found. License search disabled
2024-03-21T19:15:52.181Z FATAL vm scan error:
github.com/aquasecurity/trivy/pkg/commands/artifact.Run
/home/runner/work/trivy/trivy/pkg/commands/artifact/run.go:445
- scan error:
github.com/aquasecurity/trivy/pkg/commands/artifact.(*runner).scanArtifact
/home/runner/work/trivy/trivy/pkg/commands/artifact/run.go:269
- unable to initialize a scanner:
github.com/aquasecurity/trivy/pkg/commands/artifact.scan
/home/runner/work/trivy/trivy/pkg/commands/artifact/run.go:700
- unable to initialize a vm scanner:
github.com/aquasecurity/trivy/pkg/commands/artifact.vmStandaloneScanner
/home/runner/work/trivy/trivy/pkg/commands/artifact/scanner.go:118
- aws config load error:
github.com/aquasecurity/trivy/pkg/cloud/aws/config.LoadDefaultAWSConfig
/home/runner/work/trivy/trivy/pkg/cloud/aws/config/config.go:39
- failed to get shared config profile, dev-cloud-iam-infra
```
### Target
AWS
### Scanner
Vulnerability
### Output Format
None
### Mode
None
### Debug Output
```bash
trivy vm -d --aws-region us-east-2 ami:ami-0130c365b91184af1
2024-03-21T19:15:52.130Z DEBUG Severities: ["UNKNOWN" "LOW" "MEDIUM" "HIGH" "CRITICAL"]
2024-03-21T19:15:52.132Z DEBUG Ignore statuses {"statuses": null}
2024-03-21T19:15:52.137Z DEBUG Timeout is set to less than 30 min - upgrading to 30 min for this command.
2024-03-21T19:15:52.140Z DEBUG cache dir: /home/zhihao/snap/trivy/271/.cache/trivy
2024-03-21T19:15:52.140Z DEBUG DB update was skipped because the local DB is the latest
2024-03-21T19:15:52.140Z DEBUG DB Schema: 2, UpdatedAt: 2024-03-21 18:10:27.594557904 +0000 UTC, NextUpdate: 2024-03-22 00:10:27.594557554 +0000 UTC, DownloadedAt: 2024-03-21 19:04:45.684887737 +0000 UTC
2024-03-21T19:15:52.140Z INFO Vulnerability scanning is enabled
2024-03-21T19:15:52.140Z DEBUG Vulnerability type: [os library]
2024-03-21T19:15:52.141Z INFO Secret scanning is enabled
2024-03-21T19:15:52.141Z INFO If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-03-21T19:15:52.141Z INFO Please see also https://aquasecurity.github.io/trivy/v0.49/docs/scanner/secret/#recommendation for faster secret detection
2024-03-21T19:15:52.141Z DEBUG Enabling misconfiguration scanners: [azure-arm cloudformation dockerfile helm kubernetes terraform terraformplan]
2024-03-21T19:15:52.141Z DEBUG No secret config detected: trivy-secret.yaml
2024-03-21T19:15:52.141Z DEBUG The nuget packages directory couldn't be found. License search disabled
2024-03-21T19:15:52.181Z FATAL vm scan error:
github.com/aquasecurity/trivy/pkg/commands/artifact.Run
/home/runner/work/trivy/trivy/pkg/commands/artifact/run.go:445
- scan error:
github.com/aquasecurity/trivy/pkg/commands/artifact.(*runner).scanArtifact
/home/runner/work/trivy/trivy/pkg/commands/artifact/run.go:269
- unable to initialize a scanner:
github.com/aquasecurity/trivy/pkg/commands/artifact.scan
/home/runner/work/trivy/trivy/pkg/commands/artifact/run.go:700
- unable to initialize a vm scanner:
github.com/aquasecurity/trivy/pkg/commands/artifact.vmStandaloneScanner
/home/runner/work/trivy/trivy/pkg/commands/artifact/scanner.go:118
- aws config load error:
github.com/aquasecurity/trivy/pkg/cloud/aws/config.LoadDefaultAWSConfig
/home/runner/work/trivy/trivy/pkg/cloud/aws/config/config.go:39
- failed to get shared config profile, dev-cloud-iam-infra
```
### Operating System
ubuntu 22.04
### Version
```bash
trivy --version
Version: 0.49.1
Vulnerability DB:
Version: 2
UpdatedAt: 2024-03-21 18:10:27.594557904 +0000 UTC
NextUpdate: 2024-03-22 00:10:27.594557554 +0000 UTC
DownloadedAt: 2024-03-21 19:04:45.684887737 +0000 UTC
```
### Checklist
- [ ] Run `trivy image --reset`
- [X] Read [the troubleshooting](https://aquasecurity.github.io/trivy/latest/docs/references/troubleshooting/)
Discussed in https://github.com/aquasecurity/trivy/discussions/6370