eddycharly / terraform-provider-kops

Brings kOps into terraform in a fully managed way
Apache License 2.0

AWS AssumeRole issues with AWS Profile set in env variables #1098

Open bparak opened 1 year ago

bparak commented 1 year ago

What

When the AWS_PROFILE environment variable is set and the terraform-provider-kops is instantiated as

provider "kops" {
  // ...
  aws {
    region = local.aws_region
    assume_role {
      role_arn = local.aws_assume_role
    }
  }
}

it fails to initialise properly, resulting in

│ Error: NoCredentialProviders: no valid providers in chain. Deprecated.
│   For verbose messaging see aws.Config.CredentialsChainVerboseErrors
│
│   with provider["registry.terraform.io/eddycharly/kops"],
│   on provider.tf line 31, in provider "kops":
│   31: provider "kops" {

If AWS_SDK_LOAD_CONFIG=1 is exported before launching Terraform, everything works correctly.

Is this intended behaviour, and must profiles always be set explicitly in the provider block? That is a bit difficult to do with AssumeRole, as it can be used, for example, with various SSO profiles that differ from person to person or from env to env even though the assumed role is identical.

Why [my best guess]

The code doing the AWS AssumeRole call does not load the shared config file (and the profile set in env variables) and attempts to make AWS API calls that are not properly authenticated. It seems that the profile code relies on the profile being specified explicitly.

ref. https://github.com/eddycharly/terraform-provider-kops/blob/v1.26.0-alpha.1/pkg/config/config.go#L98

// Shared config loading (and with it the profile named in the environment)
// is only switched on when a profile is set explicitly in the provider block.
if config.Profile != "" {
	os.Setenv("AWS_SDK_LOAD_CONFIG", "1")
	os.Setenv("AWS_PROFILE", config.Profile)
}

// Without an explicit profile, this session is created with the SDK defaults,
// so ~/.aws/config is not consulted before the AssumeRole call is made.
if config.AssumeRole != nil {
	ses, err := session.NewSession()
	if err != nil {
		return err
	}

	// ...
}
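The resolution order behind the guess above, as an added stdlib-only model (not the SDK's or the provider's code): aws-sdk-go v1 reads ~/.aws/credentials for the AWS_PROFILE profile but ignores ~/.aws/config unless AWS_SDK_LOAD_CONFIG is set, so an SSO or role_arn profile that only exists in the config file yields no credentials. The profile name, file contents and the `hasCredentials`/`parseINI` helpers are constructed for illustration.

```go
package main

import (
	"bufio"
	"fmt"
	"strings"
)

// Constructed ~/.aws/config: SSO/role_arn profiles live only in this file, never in ~/.aws/credentials.
const sampleConfig = `[profile dev-sso]
sso_start_url = https://example.awsapps.com/start
sso_role_name = Developer
`

// parseINI maps section -> key -> value for the AWS shared file format.
func parseINI(text string) map[string]map[string]string {
	out, section := map[string]map[string]string{}, ""
	sc := bufio.NewScanner(strings.NewReader(text))
	for sc.Scan() {
		line := strings.TrimSpace(sc.Text())
		if strings.HasPrefix(line, "[") && strings.HasSuffix(line, "]") {
			section = strings.TrimSpace(line[1 : len(line)-1])
			out[section] = map[string]string{}
		} else if k, v, ok := strings.Cut(line, "="); ok && section != "" {
			out[section][strings.TrimSpace(k)] = strings.TrimSpace(v)
		}
	}
	return out
}

// hasCredentials models aws-sdk-go v1 session.NewSession() for the profile in AWS_PROFILE: ~/.aws/credentials
// is always read, ~/.aws/config only when AWS_SDK_LOAD_CONFIG is non-empty. Env keys and instance roles are omitted.
func hasCredentials(env map[string]string, credsFile, configFile string) bool {
	profile := env["AWS_PROFILE"]
	if sec := parseINI(credsFile)[profile]; sec["aws_access_key_id"] != "" {
		return true
	}
	if env["AWS_SDK_LOAD_CONFIG"] == "" {
		return false // config file never consulted: NoCredentialProviders
	}
	sec := parseINI(configFile)["profile "+profile]
	return sec["sso_start_url"] != "" || sec["role_arn"] != "" || sec["aws_access_key_id"] != ""
}

func main() {
	env := map[string]string{"AWS_PROFILE": "dev-sso"}
	fmt.Println("without AWS_SDK_LOAD_CONFIG:", hasCredentials(env, "", sampleConfig)) // false
	env["AWS_SDK_LOAD_CONFIG"] = "1"
	fmt.Println("with AWS_SDK_LOAD_CONFIG=1:", hasCredentials(env, "", sampleConfig)) // true
}
```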