Open mq3274 opened 2 months ago
Hey @mq3274 👋 Thank you for taking the time to raise this! In my experience, this type of error message almost always comes from issues with the credentials supplied to the provider. Are you able to test the credentials with the aws CLI tool to verify they're working properly?
If the credentials are able to be validated, can you supply debug logs (redacted as needed) so that whoever picks this up has the necessary information in order to look into this?
Hello, I am seeing this error too. In my case, I'm trying to use a saved credential profile with the AWS_PROFILE environment variable. AWS SDK and AWS CLI seem to be able to pick up the credentials just fine.
Here are my terraform and provider blocks for reference:
terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "=5.65"
    }
  }
  backend "s3" {
    bucket         = "somebucket"
    region         = "us-east-1"
    dynamodb_table = "tf-lock"
    key            = "somefile.tfstate"
  }
}
provider "aws" {
  region = local.Region
  default_tags {
    tags = module.tags.tags
  }
}
Here is my redacted profile:
[profile my-profile]
sso_account_id=myAccountId
sso_region=us-east-1
sso_registration_scopes=sso:account:access
sso_role_name=myRoleName
sso_start_url=https://someid.awsapps.com/start/#
The error seems to suggest an attempt at refreshing the credentials. This is a bit perplexing given they are not expired when I run the command. I can view them in ~/.aws/sso/cache/<someId>.json.
Here is the full redacted error:
Error: No valid credential sources found
│
│ Please see https://www.terraform.io/docs/language/settings/backends/s3.html
│ for more information about providing credentials.
│
│ Error: failed to refresh cached credentials, operation error SSO:
│ GetRoleCredentials, exceeded maximum number of attempts, 3, https response
│ error StatusCode: 0, RequestID: , request send failed, Get
│ "https://portal.sso.us-east-1.amazonaws.com/federation/credentials?account_id=myAccountId&role_name=myRoleName":
│ dial tcp: lookup portal.sso.us-east-1.amazonaws.com: getaddrinfow: A
│ non-recoverable error occurred during a database lookup.
My platform is Windows 10.
Before attempting this I had been using environment variables to pass the key id, secret, and session token.
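The quoted error stops at the name lookup for the SSO portal host, which is a different failure from an expired cached token. The following is an added triage example, not code from this issue or from the provider, that tells the two apart; the function names are hypothetical, and the `accessToken`, `expiresAt` and `region` field names are assumptions about the cache file layout under ~/.aws/sso/cache.

```python
import json
import socket
from datetime import datetime, timezone
from pathlib import Path


def token_expired(entry, now=None):
    """True if the cached SSO access token's expiresAt is in the past."""
    now = now or datetime.now(timezone.utc)
    # Accept a trailing "Z" or "UTC"; normalise for fromisoformat().
    stamp = entry["expiresAt"].replace("UTC", "+00:00").replace("Z", "+00:00")
    when = datetime.fromisoformat(stamp)
    if when.tzinfo is None:  # treat a naive timestamp as UTC
        when = when.replace(tzinfo=timezone.utc)
    return when <= now


def portal_host(sso_region):
    # Host name pattern taken from the error text quoted in the issue.
    return f"portal.sso.{sso_region}.amazonaws.com"


def triage(entry, sso_region, resolver=socket.getaddrinfo, now=None):
    """Classify why GetRoleCredentials cannot succeed, without using the token."""
    if token_expired(entry, now):
        return "sso-token-expired"
    try:
        resolver(portal_host(sso_region), 443)
    except OSError:  # socket.gaierror (failed DNS lookup) is a subclass
        return "dns-failure"
    return "token-valid-and-portal-resolvable"


def load_token_entries(cache_dir):
    """Yield (file name, entry) for cache files that hold an SSO access token."""
    for path in sorted(Path(cache_dir).glob("*.json")):
        entry = json.loads(path.read_text(encoding="utf-8"))
        if "accessToken" in entry and "expiresAt" in entry:
            yield path.name, entry  # callers must never print accessToken


if __name__ == "__main__":
    cache = Path.home() / ".aws" / "sso" / "cache"
    for name, entry in load_token_entries(cache):
        # Assumed: the entry records its region; otherwise use the profile's sso_region.
        print(name, triage(entry, entry.get("region", "us-east-1")))
```

Run it from the same shell, with the same proxy and DNS settings, that `terraform init` runs in, since resolution can differ between environments.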
Terraform Core Version
1.9.3
AWS Provider Version
5.64.0
Affected Resource(s)
No response
Expected Behavior
Error: No valid credential sources found
Actual Behavior
Error: No valid credential sources found
Relevant Error/Panic Output Snippet
No response
Terraform Configuration Files
Steps to Reproduce
suggest idea to resolve this issue
Debug Output
No response
Panic Output
No response
Important Factoids
No response
References
No response
Would you like to implement a fix?
None