cyberark / summon-aws-secrets

Summon provider for AWS Secrets Manager
MIT License

Is there a way to pass a role name or otherwise specify an AWS_REGION in the example provided? #4

Closed joannbrereton closed 6 years ago

joannbrereton commented 6 years ago

Our typical AWS setup involves using a particular profile name that uses a role name, e.g. ~/.aws/config has

[profile myprofile]
role_arn = arn:aws:iam::<account number>:role/<rolename>
source_profile = default
region=us-east-1

Typically, this means that we either attach a --profile myprofile to all our aws-cli commands or more likely

export AWS_PROFILE=myprofile

ahead of doing any aws-cli commands.

However, summon with summon-aws-secrets doesn't seem to recognize AWS_PROFILE.

summon --provider summon-aws-secrets env

After setting AWS_PROFILE, I get

Error fetching variable AWS_ACCESS_KEY_ID: exit status 1: MissingRegion: could not find region configuration

Note that if I use

aws-cli ec2 describe-instances

that works fine, so my aws cli setup is valid.

Is there a way that I can pass the region, profile and role correctly to this in the case where I maintain multiple profiles?

jepperson2 commented 6 years ago

In addition to this, is there a way for summon to use the region of the instance it is running on?

doodlesbykumbi commented 6 years ago

@joannbrereton Have you used the session package from the AWS SDK? The docs suggest it should be possible to use the AWS_PROFILE env var. I'm wondering if the SharedConfig is interfering somehow. https://docs.aws.amazon.com/sdk-for-go/api/aws/session/#hdr-Shared_Config_Fields.

doodlesbykumbi commented 6 years ago

@jepperson2 I'll admit I don't know the ins and outs of the session package. It should be possible, I'm just not sure how. The best I can think of is to do the following: AWS_REGION=$(some_bash_to_get_the_instance_region), where inspiration could be taken from this StackOverflow post, for example.
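
An added example, not part of the original thread or the project's code: one way to apply the AWS_REGION workaround to the profile case from the question, by reading the region out of the named profile and exporting it before summon runs. The helper names profile_region and summon_with_profile are hypothetical; it assumes the provider uses the AWS SDK for Go session package mentioned above, which reads AWS_REGION and, when AWS_SDK_LOAD_CONFIG is set, the shared config file.

```shell
# Added example; profile_region and summon_with_profile are hypothetical helpers.

# Print the region configured for a profile in the shared AWS config file.
# Usage: profile_region PROFILE [CONFIG_FILE]; returns non-zero if none is set.
profile_region() {
    profile=$1
    config=${2:-${AWS_CONFIG_FILE:-$HOME/.aws/config}}
    [ -r "$config" ] || return 1
    # In the config file the default profile is headed [default];
    # every other profile is headed [profile NAME].
    if [ "$profile" = "default" ]; then
        header="[default]"
    else
        header="[profile $profile]"
    fi
    awk -v want="$header" '
        /^[ \t]*\[/ {                     # a section header starts here
            line = $0
            gsub(/^[ \t]+|[ \t]+$/, "", line)
            in_section = (line == want)
            next
        }
        in_section && /^[ \t]*region[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, "")      # drop "region =" (spaces optional)
            sub(/[ \t]+$/, "")
            print
            found = 1
            exit
        }
        END { exit (found ? 0 : 1) }
    ' "$config"
}

# Run summon with the profile, an explicit region, and shared-config loading.
# An AWS_REGION already in the environment wins over the profile's region.
# Usage: summon_with_profile myprofile env
summon_with_profile() {
    profile=$1
    shift
    region=${AWS_REGION:-$(profile_region "$profile")} || {
        echo "no region found for profile '$profile'; set AWS_REGION" >&2
        return 1
    }
    AWS_PROFILE=$profile AWS_REGION=$region AWS_SDK_LOAD_CONFIG=1 \
        summon --provider summon-aws-secrets "$@"
}
```

Failing early when no region resolves gives a clearer message than the MissingRegion error from the provider, and keeps credentials in the role-based profile rather than in exported access keys.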

jepperson2 commented 6 years ago

Thanks, @doodlesbykumbi for your quick reply! It should indeed be possible (and easier than how I solved it), but it seems there is currently a limitation with the aws-go-sdk. See my PR for more details.

joannbrereton commented 6 years ago

I'll have a look and give that a try. Thank you @doodlesbykumbi

-- JoAnn Brereton

apotterri commented 6 years ago

@joannbrereton https://github.com/cyberark/summon-aws-secrets/releases/tag/v0.2.0 should fix the MissingRegion error. Does it resolve the rest of these issues as well?

joannbrereton commented 6 years ago

@apotterri Seems to be working now. Thank you!

apotterri commented 6 years ago

Ok, great, glad to hear it. I'll close this issue. Please feel free to open another if you run into further issues.

Thanks for using summon!