hashicorp / terraform-aws-vault

A Terraform Module for how to run Vault on AWS using Terraform and Packer
Apache License 2.0

install-vault uses a deprecated method to install awscli v1. Should be v2 #266

Open queglay opened 2 years ago

queglay commented 2 years ago

Describe the bug

install-vault uses sudo yum install -y awscli curl unzip jq ... but it is no longer recommended to install aws cli this way, and it should be updated to use v2. On CentOS 7 you may encounter issues with this deprecated version, such as:

[centos@ip-172-31-38-218 ~]$ /bin/aws
Traceback (most recent call last):
  File "/bin/aws", line 19, in <module>
    import awscli.clidriver
  File "/usr/lib/python2.7/site-packages/awscli/clidriver.py", line 37, in <module>
    from awscli.help import ProviderHelpCommand
  File "/usr/lib/python2.7/site-packages/awscli/help.py", line 24, in <module>
    from botocore.docs.bcdoc import docevents
ImportError: cannot import name docevents

The solution is to install aws cli v2 instead.

I install explicit versions like below:

curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64-2.5.4.zip" -o "awscliv2.zip"
unzip -q awscliv2.zip
sudo ./aws/install -b /usr/local/bin

It is difficult to determine the right approach with minor versions and dependencies. Perhaps the install should just check that a version is installed within a supported range of versions?

queglay commented 2 years ago

I also wanted to add that this creates incompatibilities with other applications that require aws cli v2 if the aws command is added to PATH.
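The version-range check suggested in the first comment, sketched as an added example (not code from the issue or from the module). The function names and the `MIN_VERSION`/`MAX_VERSION` bounds are assumptions, and the parser relies on `aws --version` output starting with `aws-cli/X.Y.Z`.

```shell
#!/bin/sh
# Added example (not the module's code). Bounds below are assumptions.
MIN_VERSION="2.0.0"   # inclusive lower bound (assumed)
MAX_VERSION="3.0.0"   # exclusive upper bound (assumed)

# Print X.Y.Z from `aws --version` output such as "aws-cli/2.5.4 Python/...".
# Fails (status 1) on a traceback, empty output or any other format.
parse_aws_cli_version() {
  _v=$(printf '%s\n' "$1" |
    sed -n 's|^aws-cli/\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*|\1|p' | head -n 1)
  [ -n "$_v" ] || return 1
  printf '%s\n' "$_v"
}

# Status 0 when dotted version $1 >= $2; fields are compared as numbers,
# so 2.10.0 sorts above 2.9.9 (a plain string comparison would not).
version_ge() {
  awk -v a="$1" -v b="$2" 'BEGIN {
    split(a, x, "."); split(b, y, ".")
    for (i = 1; i <= 3; i++) {
      if (x[i] + 0 > y[i] + 0) exit 0
      if (x[i] + 0 < y[i] + 0) exit 1
    }
    exit 0
  }'
}

# Status 0 when $1 lies in [MIN_VERSION, MAX_VERSION).
aws_cli_version_supported() {
  version_ge "$1" "$MIN_VERSION" && ! version_ge "$1" "$MAX_VERSION"
}

# Check whichever `aws` resolves first on PATH. stderr is captured as well,
# because a broken install prints a traceback there and no version line.
check_installed_aws_cli() {
  command -v aws >/dev/null 2>&1 || { echo "aws: not on PATH" >&2; return 2; }
  _out=$(aws --version 2>&1) || true
  _ver=$(parse_aws_cli_version "$_out") || { echo "aws: no usable version" >&2; return 3; }
  aws_cli_version_supported "$_ver" || { echo "aws-cli $_ver unsupported" >&2; return 4; }
  printf '%s\n' "$_ver"
}
```

An installer could call `check_installed_aws_cli` and run the pinned v2 install only when it returns non-zero, so a working in-range CLI already on PATH is left alone.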