The following ~/.aws/profile doesn't work correctly:
[profile signing-ops]
credential_process = gimme-creds
region = us-west-2
[profile signing-root-us-west-2]
source_profile = signing-ops
role_arn = arn:aws:iam::000123456789:role/signing
region = us-west-2
The goal is for the signing-ops profile to vend creds that are allowed to assume the role specified in signing-root-us-west-2, but this always fails with the following error:
$ tuftool root add-key 99.root.json -k 'aws-kms://signing-root-us-west-2/alias/my-root-2023-08-23' -r root
failed to load credentials from the credentials cache
The following
~/.aws/profile
doesn't work correctly:The goal is for the
signing-ops
profile to vend creds that are allowed to assume the role specified insigning-root-us-west-2
, but this always fails with the following error: