Open tf401 opened 1 year ago
hamid646m
commented
1 year ago did you try something like ?
[default]
region = eu-north-1
output = json
[my_profile]
role_arn = arn:aws:iam::<MY_OTHER_AWS_ACCOUNT_ID>:role/OrganizationAccountAccessRole
source_profile = default
tf401
commented
1 year ago Thanks for the fast reply, yes I've tried that.
Results in:
2022-07-12 12:43:52,621 [main] WARN s.a.a.p.internal.ProfileFileReader [NONE] - Ignoring profile 'my_profile' on line 12 because it did not start with 'profile ' and it was not 'default'.
So yeah, it is looking at the correct place (line 12, my config example is modified for the sake of clarity here). But adding 'profile' loops back to the initial error..
hamid646m
commented
1 year ago hmm, it would be useful to see how you are constructing Kinesis (or dynamodb) client
tf401
commented
1 year ago I'm basing my code on this post https://aws.plainenglish.io/aws-using-amazon-kinesis-client-library-python-9adfcd546012
Which itself is a implementation from AWS labs https://github.com/awslabs/amazon-kinesis-client-python/tree/master/samples
I implemented my solution on EC2 (no need for profile) and it works fine, so I can't se any issues with the code itself
hamid646m
commented
1 year ago that example is for python, in case of java, i would expect something like: https://github.com/awsdocs/aws-doc-sdk-examples/blob/main/javav2/example_code/kinesis/src/main/java/com/example/kinesis/RegisterStreamConsumer.java#L47
tf401
commented
1 year ago Yes, I have the sample.properties file with
# Users can change the credentials provider the KCL will use to retrieve credentials.
# The DefaultAWSCredentialsProviderChain checks several other providers, which is
# described here:
#http://docs.aws.amazon.com/AWSJavaSDK/latest/javadoc/com/amazonaws/auth/DefaultAWSCredentialsProviderChain.html
#AWSCredentialsProvider = DefaultAWSCredentialsProviderChain
AWSCredentialsProvider = com.amazonaws.auth.profile.ProfileCredentialsProvider|my_profilei'm interested in how you create your kinesis client, so in the example i mentioned, it looks like
KinesisClient kinesisClient = KinesisClient.builder()
.region(region)
.credentialsProvider(ProfileCredentialsProvider.create())
.build();how does yours look like?
tf401
commented
1 year ago I've purely used the amazon_kclpy python package, so no java code or manual creation of a kinesis client. Only a RecordProcessor as per example.
I raised an Issue in the amazon-kinesis-client-python repo instead, maybe the correct place.
lohrm-stabl
commented
1 year ago I think this is the right place, however, to have it as a reference here is the other issue that @tf401 created: https://github.com/awslabs/amazon-kinesis-client-python/issues/179.
I don't use the Java API too, but depend on the .properties file to configure the kinesis client.
For me it does not work too, but I get a different error:
WARNING: Found the legacy config profiles file at [/home/vscode/.aws/config]. Please move it to the latest default location [~/.aws/credentials].
2023-03-16 11:57:13,853 [multi-lang-daemon-0000] ERROR s.a.kinesis.coordinator.Scheduler - Caught exception when initializing LeaseCoordinator
java.lang.RuntimeException: com.amazonaws.SdkClientException: Unable to load AWS credentials from any provider in the chain: [com.amazonaws.auth.profile.ProfileCredentialsProvider@196ac3c2: Unable to load credentials into profile [profile test]: AWS Access Key ID is not specified.]Looks like KCL only supports the .aws/credentials file and not .aws/config, so does not support sso profiles at all?
richardwu
commented
9 months ago Any updates here?
This is similar to the closed issue [https://github.com/awslabs/amazon-kinesis-client/issues/178]
I followed the above issued solution but got the following error:
java.lang.RuntimeException: com.amazonaws.SdkClientException: Unable to load AWS credentials from any provider in the chain: [com.amazonaws.auth.profile.ProfileCredentialsProvider@7517b663: No AWS profile named 'my_profile']my named profile config file looks like this:
Best guess is that I need to provide path to profile configs but after a lot of searching I found no solution. It is nothing wrong with my credentials & config files since I can interact with the AWS cli and boto3 without problems.