Open cafl opened 4 years ago
This also does not work from a EC2 instance that has an instance profile assigned and therefore straight access to AWS. Why are you forcing the --profile
or credential parameters?
This is the error I got:
$ cbr backup --region eu-west-2 --pool xxxxxx --dir /tmp/cognitobackup
fs.js:114
throw err;
^
Error: ENOENT: no such file or directory, open '/home/ec2-user/.aws/credentials'
at Object.openSync (fs.js:443:3)
at Object.readFileSync (fs.js:343:35)
at Object.readFileSync (/usr/lib/node_modules/cognito-backup-restore/node_modules/aws-sdk/lib/util.js:95:26)
at IniLoader.parseFile (/usr/lib/node_modules/cognito-backup-restore/node_modules/aws-sdk/lib/shared-ini/ini-loader.js:6:47)
at IniLoader.loadFrom (/usr/lib/node_modules/cognito-backup-restore/node_modules/aws-sdk/lib/shared-ini/ini-loader.js:56:30)
at Object.<anonymous> (/usr/lib/node_modules/cognito-backup-restore/build/cli/options.js:48:39)
at Module._compile (internal/modules/cjs/loader.js:778:30)
at Object.Module._extensions..js (internal/modules/cjs/loader.js:789:10)
at Module.load (internal/modules/cjs/loader.js:653:32)
at tryModuleLoad (internal/modules/cjs/loader.js:593:12)
This is actually very easy to fix. Somebody already done that
I have his commit in my own fork of this repo. What's missing before it's final is to make some type of parameter to switch to this behavior
Can you please try using v1.3.1 and let me know if this is fixed?
I am trying v1.3.2 but it is still looking in .aws/credentials even when I give it a profile from .aws/config which has a role.
I am trying
cbr backup --profile my-role --region us-east-2 --userpool all
But it comes back asking for my AWS profile and offering the 2 I have in .aws/credential
Am I doing something wrong ?
I am trying v1.3.2 but it is still looking in .aws/credentials even when I give it a profile from .aws/config which has a role. I am trying
cbr backup --profile my-role --region us-east-2 --userpool all
But it comes back asking for my AWS profile and offering the 2 I have in .aws/credential Am I doing something wrong ?
I have this exact same issue with v1.3.2. I have an .aws/credentials file and an .aws/config file with the role. It keeps prompting me for the 2 entries I have in .aws/credential and ignores the profile name i passed in.
Any resolution on this?
It seems you only accept a key/password IAM credential. Using a role is a best practice. In the aws config file this is specified as follows (example from aws cli documentation): [profile marketingadmin] role_arn = arn:aws:iam::123456789012:role/marketingadminrole credential_source = Ec2InstanceMetadata