Open neilmayhew opened 6 years ago
Does the xxx profile in ~/.aws/config have an mfa_serial or role_arn? If so, I think I know why this would be problematic. aws-env uses aws --profile="$SRC_PROFILE" sts get-session-token when creating session credentials for MFA, but aws will implicitly create session credentials before making the STS API call (which can't be called with session credentials). I can't think of a trivial fix for this. One possibility: aws-env would have to parse ~/.aws/credentials itself and then set the AWS_* environment variables with those, rather than using aws --profile.
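
One way to implement the suggestion in the comment above, reading the static keys from the credentials file and exporting them instead of passing --profile. This is an added example, not part of the thread and not aws-env's code; the helper names, the sample file contents and the MFA_SERIAL and CODE variables are assumptions.

```shell
# Added example; the three function names are hypothetical, not from aws-env.

# Print the static keys of one profile from a credentials file as KEY=value
# lines. Exits non-zero unless both keys exist for that exact profile.
read_static_creds() {
    awk -v want="$2" '
        /^[ \t]*[#;]/ { next }
        /^[ \t]*\[/ {
            name = $0
            sub(/^[ \t]*\[[ \t]*/, "", name); sub(/[ \t]*\].*$/, "", name)
            in_section = (name == want); next
        }
        in_section && (eq = index($0, "=")) {
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t\r]+$/, "", key); gsub(/^[ \t]+|[ \t\r]+$/, "", val)
            if (key == "aws_access_key_id") id = val
            if (key == "aws_secret_access_key") secret = val
        }
        END {
            if (id == "" || secret == "") exit 1
            print "AWS_ACCESS_KEY_ID=" id
            print "AWS_SECRET_ACCESS_KEY=" secret
        }
    ' "$1"
}

# Export those keys and clear variables that would make the CLI resolve a
# named profile or reuse an older session token.
use_static_creds() {
    out=$(read_static_creds "$1" "$2") || return 1
    unset AWS_PROFILE AWS_DEFAULT_PROFILE AWS_SESSION_TOKEN
    AWS_ACCESS_KEY_ID=$(printf '%s\n' "$out" | sed -n 's/^AWS_ACCESS_KEY_ID=//p')
    AWS_SECRET_ACCESS_KEY=$(printf '%s\n' "$out" | sed -n 's/^AWS_SECRET_ACCESS_KEY=//p')
    export AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
    # The STS call would then run without --profile, e.g.:
    #   aws sts get-session-token --serial-number "$MFA_SERIAL" --token-code "$CODE"
}

# Constructed sample file: the same profile name as on this page, fake keys.
make_sample_creds() {
    cat > "$1" <<'EOF'
[xxx]
aws_access_key_id = AKIAEXAMPLEXXX
aws_secret_access_key = constructed/secret+value=
[other]
aws_access_key_id=AKIAOTHEREXAMPLE
aws_secret_access_key=other-secret
EOF
}
```

Because the lookup fails closed when the profile or either key is missing, a caller can stop before any STS request is made with partial or stale credentials.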
I had a setup with a profile called xxx in ~/.aws/config and a source profile called xxx in ~/.aws/credentials. This seemed logical to me and it worked with plain aws, i.e. aws --profile xxx. However, it confuses aws-env --profile xxx. Trying to run any command results in:

At the least this restriction should be documented, and ideally it should be removed.