aws-actions / configure-aws-credentials

Configure AWS credential environment variables for use in other GitHub Actions.
MIT License

Credentials could not be loaded in self x64 windows hosted for aws-actions/configure-aws-credentials #1068

Closed stevenruizhang closed 1 week ago

stevenruizhang commented 2 months ago

Describe the bug

Hi team, I installed a self-hosted runner according to the GitHub guideline on my local Windows 11 machine, and I use aws sso login to get the AWS credentials locally. aws cli: image

According to this doc, if the local runner has access to AWS credentials, such as an EC2 instance, then you do not need to provide IAM user access key credentials to this action. We will use the standard AWS JavaScript SDK credential resolution methods to find your credentials: https://github.com/aws-actions/configure-aws-credentials

But it seems the result shows "Error: Credentials could not be loaded, please check your action inputs: Could not load credentials from any providers".

Is any configuration missing?

In my Terraform repo code, I use different profile settings locally for different AWS environments/accounts under different Terraform folders (different Terraform state files). So I need at least one profile that can work in the pipeline; if the profile can also be configured in GitHub Actions, that would be perfect.

Taking one AWS dev account as an example, I can use the profile approach to set up resources locally. image

Expected Behavior

I expect running aws sts get-caller-identity in the pipeline to give the same result as the aws sts command on my local machine, but I get an error in the pipeline.

Current Behavior

Error: Credentials could not be loaded, please check your action inputs: Could not load credentials from any providers image

Reproduction Steps

1) Install the self-hosted x64 Windows runner on your local Windows 11 machine
2) Configure aws sso login on your local Windows 11 machine
3) Set the workflow file below in the repo
4) Trigger the pipeline manually

Workflow file for this run:

```yaml
name: 'Win_Deploy'

on:
  push:
    branches: [ "main" ]
  pull_request:
  workflow_dispatch:

permissions:
  id-token: write
  contents: read

jobs:
  build:
    name: 'Terraform'
    runs-on: self-hosted
    steps:
      # Clone the repository to the GitHub Actions runner
      - name: Clone
        uses: actions/checkout@v2
      # Configure AWS Credentials
      # You will need to replace <IAM_ROLE> with the IAM role ARN you created in the previous step
      - name: Configure AWS Credentials
        uses: aws-actions/configure-aws-credentials@v1
        with:
          aws-region: eu-central-1
      - name: Sts GetCallerIdentity
        run: |
          aws sts get-caller-identity
      - name: List S3 bucket
        run: |
          aws s3 ls
      - name: Publish on aws dev env
        if: github.ref == 'refs/heads/master'
        run: ./publish_win.ps1 dev
```

Possible Solution

No response

Additional Information/Context

No response

stevenruizhang commented 2 months ago

If I remove the AWS credentials setting in the pipeline, I get "Error: failed to get shared config profile, my-dev-admin-profile" when executing the terraform plan command.

Workflow file for this run:

```yaml
name: 'Win_Deploy'

on:
  push:
    branches: [ "main" ]
  pull_request:
  workflow_dispatch:

permissions:
  id-token: write
  contents: read

jobs:
  build:
    name: 'Terraform'
    runs-on: self-hosted
    steps:
      # Clone the repository to the GitHub Actions runner
      - name: Clone
        uses: actions/checkout@v2
      # Configure AWS Credentials
      # You will need to replace <IAM_ROLE> with the IAM role ARN you created in the previous step
      - name: Get AWS Configure List
        run: |
          aws configure list
      - name: Publish on aws dev env
        if: github.ref == 'refs/heads/master'
        run: ./publish_win.ps1 dev
```

publish_win.ps1:

```powershell
Param(
    [string]$Env = 'dev'
)
if ($Env -eq 'dev') {
    Write-Host('dev')
    $currentPath = Get-Location
    Write-Host "Current Path 1: $currentPath"
    Write-Host('change path to \terraform\env\dev ')
    Push-Location .\terraform\env\dev
    Write-Host('terraform init')
    terraform init --plugin-dir D:\Rancher\terraform.terraform.d\terraform-plugin-cache
    Write-Host('terraform validate')
    terraform validate --json
    Write-Host('terraform fmt')
    terraform fmt
    Write-Host('terraform plan')
    terraform plan
} elseif ($Env -eq 'stage') {
    Write-Host('stage')
} else {
    Write-Host('prod')
}
```

pipeline error image

stevenruizhang commented 1 month ago

I executed aws sso login, and I can get the dev profile result for aws configure list --profile my-dev-admin-profile locally, but when running the pipeline I get the error "Error loading SSO Token: Token for my-sso does not exist". Is there any configuration missing? image

```yaml
name: 'Win_Deploy'

on:
  push:
    branches: [ "main" ]
  pull_request:
  workflow_dispatch:

permissions:
  id-token: write
  contents: read

jobs:
  build:
    name: 'Terraform'
    runs-on: self-hosted
    steps:
      # Clone the repository to the GitHub Actions runner
      - name: Clone
        uses: actions/checkout@v2
      # Configure AWS Credentials
      # You will need to replace <IAM_ROLE> with the IAM role ARN you created in the previous step
      - name: Get AWS Configure List
        run: |
          aws configure list --profile my-dev-admin-profile
      - name: Publish on aws dev env
        if: github.ref == 'refs/heads/master'
        run: ./publish_win.ps1 dev
```
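
A diagnostic for the "Token for my-sso does not exist" error reported above, as an added example that is not part of the issue thread or the action's own code: it reports which Windows account a shell runs as, which AWS config file it would read, and whether that account's profile holds a cached, unexpired SSO token. The function names are hypothetical, and the script assumes the AWS CLI v2 default cache location under the user profile.

```powershell
# Added diagnostic, not from the issue thread. Assumes the AWS CLI v2 default
# layout: <home>\.aws\config and SSO tokens in <home>\.aws\sso\cache\*.json.
function Get-AwsIdentityContext {
    param([string]$HomeDir = $env:USERPROFILE)
    $configFile = Join-Path $HomeDir '.aws\config'
    if ($env:AWS_CONFIG_FILE) { $configFile = $env:AWS_CONFIG_FILE }
    $cacheDir = Join-Path $HomeDir '.aws\sso\cache'
    [pscustomobject]@{
        RunningAs    = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
        AwsProfile   = $env:AWS_PROFILE
        ConfigFile   = $configFile
        ConfigExists = Test-Path -LiteralPath $configFile
        CacheDir     = $cacheDir
        CacheExists  = Test-Path -LiteralPath $cacheDir
    }
}

function Get-AwsSsoTokenStatus {
    param([Parameter(Mandatory)][string]$CacheDir)
    if (-not (Test-Path -LiteralPath $CacheDir)) { return }
    Get-ChildItem -LiteralPath $CacheDir -Filter '*.json' | ForEach-Object {
        $json = Get-Content -LiteralPath $_.FullName -Raw | ConvertFrom-Json
        # Client-registration files carry no accessToken; skip them.
        if (-not $json.accessToken) { return }
        $expires = $null
        try {
            # PowerShell 7 already yields DateTime; 5.1 leaves the ISO 8601 string.
            if ($json.expiresAt -is [datetime]) {
                $expires = $json.expiresAt.ToUniversalTime()
            } else {
                $expires = [datetimeoffset]::Parse($json.expiresAt, [cultureinfo]::InvariantCulture).UtcDateTime
            }
        } catch { }
        # Report metadata only; the token value itself is never written to the log.
        # An expiry that cannot be parsed is treated as expired.
        [pscustomobject]@{
            File      = $_.Name
            StartUrl  = $json.startUrl
            ExpiresAt = $expires
            Expired   = ($null -eq $expires) -or ($expires -lt [datetime]::UtcNow)
        }
    }
}

$ctx = Get-AwsIdentityContext
$ctx | Format-List
$tokens = @(Get-AwsSsoTokenStatus -CacheDir $ctx.CacheDir)
if ($tokens.Count -eq 0) {
    Write-Host "No cached SSO token visible to $($ctx.RunningAs)"
} else {
    $tokens | Format-Table -AutoSize
}
```

Run it once as a `run:` step in the workflow and once in the shell where `aws sso login` was executed; differing `RunningAs` or `CacheDir` values show that the job is not reading the profile you logged in with.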

tim-finnigan commented 2 weeks ago

Thanks for reaching out, I think maybe we need to reopen https://github.com/aws-actions/configure-aws-credentials/issues/1051 to track the feature request for supporting SSO. Do you agree or have any updates on your end?

github-actions[bot] commented 1 week ago

This issue has not received a response in a while. If you want to keep this issue open, please leave a comment below and auto-close will be canceled.