[provider.aws v2.24.0] No valid credential sources found for AWS Provider. #9962

Closed
trentmillar opened this issue Sep 2, 2019 · 11 comments · Fixed by #14077


trentmillar commented Sep 2, 2019

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform Version

Terraform v0.12.7
+ provider.aws v2.24.0

Affected Resource(s)

  • provider.aws v2.24.0

Terraform Configuration Files

provider "aws" {
  region = "us-west-2"
  profile = "btg"
}

Debug Output

terraform init --reconfigure                  

Initializing the backend...
bucket
  The name of the S3 bucket

  Enter a value: xxxxxxx
key
  The path to the state file inside the bucket

  Enter a value: us-west-2/development/terraform-infr.tfstate

region
  The region of the S3 bucket.

  Enter a value: us-west-2


Error: No valid credential sources found for AWS Provider.
        Please see https://terraform.io/docs/providers/aws/index.html for more information on
        providing credentials for the AWS Provider

Expected Behavior

I should successfully reinit my terraform project.

Actual Behavior

Error: No valid credential sources found for AWS Provider.

Steps to Reproduce

Confirmed the following:

  • the credentials file is located in ~.aws\credentials with the contents,
    [btg]
    aws_access_key_id=...
    aws_secret_access_key=...
    
  • don't have the env var AWS_PROFILE set
  • do not pass the access or secret key directly into terraform, just the profile
  • confirm the credential file works with the AWS CLI using the option --profile btg while executing any command
  1. terraform apply

Important Factoids

I can init, apply, destroy,... without any changes if I simply rename the named profile in the credentials file to [default] instead of [btg].

Another side effect to consider is after renaming the profile to default there is no warning or error even when the provider "aws" { ...'s profile is set to "btg"?

References

#6320 except I confirmed there is nothing funky (tabs, extra spaces) within the credentials file

@github-actions github-actions bot added the needs-triage Waiting for first response or review from a maintainer. label Sep 2, 2019
Author

trentmillar commented Sep 3, 2019

I also ran this command with TF_LOG=debug,

TF_LOG=debug terraform init --reconfigure             
2019/09/02 18:03:31 [INFO] Terraform version: 0.12.7  
2019/09/02 18:03:31 [INFO] Go runtime version: go1.12.9
2019/09/02 18:03:31 [INFO] CLI args: []string{"/usr/local/bin/terraform", "init", "--reconfigure"}
2019/09/02 18:03:31 [DEBUG] Attempting to open CLI config file: /Users/trentm/.terraformrc
2019/09/02 18:03:31 [DEBUG] File doesn't exist, but doesn't need to. Ignoring.
2019/09/02 18:03:31 [INFO] CLI command args: []string{"init", "--reconfigure"}

Initializing the backend...
2019/09/02 18:03:31 [DEBUG] command: asking for input: "bucket"
bucket
  The name of the S3 bucket

  Enter a value: a_bucket

2019/09/02 18:03:39 [DEBUG] command: asking for input: "key"
key
  The path to the state file inside the bucket

  Enter a value: a_key

2019/09/02 18:03:41 [DEBUG] command: asking for input: "region"
region
  The region of the S3 bucket.

  Enter a value: us-west-2

2019/09/02 18:03:44 [INFO] Setting AWS metadata API timeout to 100ms
2019/09/02 18:03:45 [INFO] Ignoring AWS metadata API endpoint at default location as it doesn't return any instance-id

Error: No valid credential sources found for AWS Provider.
        Please see https://terraform.io/docs/providers/aws/index.html for more information on
        providing credentials for the AWS Provider

@trentmillar
Author

I just inited a new project and the aws.provider is newer, * provider.aws: version = "~> 2.26"

It is still failing to resolve any !default profiles

TF_LOG=debug terraform apply -var-file="dev.tfvars"
2019/09/03 12:10:29 [INFO] Terraform version: 0.12.7  
2019/09/03 12:10:29 [INFO] Go runtime version: go1.12.9
2019/09/03 12:10:29 [INFO] CLI args: []string{"/usr/local/bin/terraform", "apply", "-var-file=dev.tfvars"}
2019/09/03 12:10:29 [DEBUG] Attempting to open CLI config file: /Users/trentm/.terraformrc
2019/09/03 12:10:29 [DEBUG] File doesn't exist, but doesn't need to. Ignoring.
2019/09/03 12:10:29 [INFO] CLI command args: []string{"apply", "-var-file=dev.tfvars"}
2019/09/03 12:10:29 [INFO] Setting AWS metadata API timeout to 100ms
2019/09/03 12:10:29 [INFO] Ignoring AWS metadata API endpoint at default location as it doesn't return any instance-id

Error: No valid credential sources found for AWS Provider.
        Please see https://terraform.io/docs/providers/aws/index.html for more information on
        providing credentials for the AWS Provider


redjab commented Sep 6, 2019

@trentmillar Have you found any solution to this? I'm running into the same issue where any non-default profile is simply ignored

@trentmillar
Author

@redjab No, I'm currently opening ~/.aws/credentials and manually changing the profiles to [default].

@bsakweson

I just ran into this same problem today. When I changed the profile name to default, I am able to connect but not with the actual profile name.


redjab commented Sep 9, 2019

I found it a bit easier to set AWS_PROFILE in the command line then run terraform apply rather than changing the creds file every time -- but it's still just a workaround. Would be great if this can be expressed in code instead.

@timrourke

I'm still seeing the same behavior, running Terraform with the following versions:

Terraform v0.12.15
+ provider.aws v2.36.0

Changing my desired AWS profile name to [default] from its proper name definitely worked, but this is highly undesirable as a workaround; raises a fear that someone might use this workaround and then target the wrong AWS environment.

Contributor

woz5999 commented Mar 16, 2020

I was just hit by this issue. In my case, the projects were already initialized and in use for some time utilizing the default profile but broke when I added the "provider" parameter to the backend configuration. Removing the .terraform folder from the local project and re-initializing solved the issue for me.

@bflad bflad added bug Addresses a defect in current functionality. provider Pertains to the provider itself, rather than any interaction with AWS. and removed needs-triage Waiting for first response or review from a maintainer. labels Jul 7, 2020
@bflad bflad added this to the v3.0.0 milestone Jul 7, 2020
bflad added a commit that referenced this issue Jul 7, 2020
Reference: #5018
Reference: #6913
Reference: #7333
Reference: #9236
Reference: #9869
Reference: #9898
Reference: #9962
Reference: #9986
Reference: #10507
Reference: #11429
Reference: #12236
Reference: #12727
Reference: #12815
Reference: #13057

Changes:

```
NOTES

* provider: Credential ordering has changed from static, environment, shared credentials, EC2 metadata, default AWS Go SDK (shared configuration, web identity, ECS, EC2 Metadata) to static, environment, shared credentials, default AWS Go SDK (shared configuration, web identity, ECS, EC2 Metadata)
* provider: The `AWS_METADATA_TIMEOUT` environment variable no longer has any effect as we now depend on the default AWS Go SDK EC2 Metadata client timeout of one second with two retries

ENHANCEMENTS

* provider: Always enable shared configuration file support (no longer require `AWS_SDK_LOAD_CONFIG` environment variable)
* provider: Add `assume_role` configuration block `duration_seconds`, `policy_arns`, `tags`, and `transitive_tag_keys` arguments

BUG FIXES

* provider: Ensure configured STS endpoint is used during `AssumeRole` API calls
* provider: Prefer AWS shared configuration over EC2 metadata credentials by default
* provider: Prefer CodeBuild, ECS, EKS credentials over EC2 metadata credentials by default
```

Output from acceptance testing:

```
--- PASS: TestAccAWSProvider_Region_AwsCommercial (3.89s)
--- PASS: TestAccAWSProvider_Region_AwsGovCloudUs (3.90s)
--- PASS: TestAccAWSProvider_Region_AwsChina (3.99s)
--- PASS: TestAccAWSProvider_IgnoreTags_Keys_None (4.22s)
--- PASS: TestAccAWSProvider_IgnoreTags_KeyPrefixes_None (4.29s)
--- PASS: TestAccAWSProvider_IgnoreTags_KeyPrefixes_One (4.37s)
--- PASS: TestAccAWSProvider_IgnoreTags_KeyPrefixes_Multiple (4.38s)
--- PASS: TestAccAWSProvider_IgnoreTags_Keys_One (4.39s)
--- PASS: TestAccAWSProvider_IgnoreTags_EmptyConfigurationBlock (4.40s)
--- PASS: TestAccAWSProvider_IgnoreTags_Keys_Multiple (4.40s)
--- PASS: TestAccAWSProvider_Endpoints_Deprecated (4.42s)
--- PASS: TestAccAWSProvider_Endpoints (4.53s)
--- PASS: TestAccAWSProvider_AssumeRole_Empty (8.32s)
```
@bflad bflad self-assigned this Jul 7, 2020
bflad added a commit that referenced this issue Jul 13, 2020
…14077)

* Update module hashicorp/aws-sdk-go-base to v0.5.0

* provider: Authentication updates for Terraform AWS Provider v3.0.0

* docs/provider: Add authentication changes section to version 3 upgrade guide and remove pre-3.0 notes

Co-authored-by: Renovate Bot <[email protected]>
Contributor

bflad commented Jul 13, 2020

Hi folks 👋 Version 3.0 of the Terraform AWS Provider will include a few authentication changes that should help in this case. Similar enhancements and fixes were applied to the Terraform S3 Backend (part of Terraform CLI) in version 0.13.0-beta2.

The Terraform AWS Provider major version update will release in the next two weeks or so. Please follow the v3.0.0 milestone for tracking the progress of that release. If you are still having trouble after updating when it's released, please file a new issue. Thanks!
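
The credential ordering listed in the v3.0.0 release notes above can be modelled as a preflight check that reports which source would answer for a given `profile` and flags the cases raised in this thread. This is an added example, not code from the provider or from anyone in this thread; the function names, the simplified matching rules and the sample credentials text are assumptions made for illustration.

```python
import configparser

# Order from the v3.0.0 release note above; the matching rules are a
# simplified model for illustration, not the provider's implementation.
ORDER = ["static", "environment", "shared credentials", "shared configuration"]

def _sections(text):
    """Parse AWS INI text into {section: {key: value}}."""
    cp = configparser.RawConfigParser()
    cp.read_string(text)
    return {s: dict(cp.items(s)) for s in cp.sections()}

def candidate_sources(profile, env, credentials_text, config_text="", static_keys=False):
    """Return the effective profile name, usable sources in order, and has_default."""
    name = profile or env.get("AWS_PROFILE") or "default"
    creds, conf = _sections(credentials_text), _sections(config_text)
    # ~/.aws/config names non-default profiles "[profile NAME]"; only the
    # presence of the section is checked here, not what it contains.
    conf_section = "default" if name == "default" else f"profile {name}"
    found = {
        "static": static_keys,
        "environment": bool(env.get("AWS_ACCESS_KEY_ID") and env.get("AWS_SECRET_ACCESS_KEY")),
        "shared credentials": "aws_access_key_id" in creds.get(name, {}),
        "shared configuration": conf_section in conf,
    }
    return name, [s for s in ORDER if found[s]], "default" in creds

def preflight(profile, env, credentials_text, config_text="", static_keys=False):
    """Return (winning source or None, warnings) for a provider `profile`."""
    name, sources, has_default = candidate_sources(
        profile, env, credentials_text, config_text, static_keys)
    warnings = []
    if not sources:
        warnings.append(f"profile {name!r}: no credential source found")
        if name != "default" and has_default:
            warnings.append("only [default] exists: renaming profiles to "
                            "[default] can target the wrong account")
    elif profile and sources[0] in ("static", "environment"):
        warnings.append(f"{sources[0]} keys are tried before profile {name!r}")
    return (sources[0] if sources else None), warnings

# Constructed sample (not from the issue); values are placeholders.
SAMPLE_CREDENTIALS = """
[btg]
aws_access_key_id = EXAMPLE_KEY_ID
aws_secret_access_key = EXAMPLE_SECRET
"""

if __name__ == "__main__":
    print(preflight("btg", {}, SAMPLE_CREDENTIALS))
    print(preflight("btg", {}, "[default]\naws_access_key_id = EXAMPLE_KEY_ID\n"))
```

Running it in CI before `terraform init` turns a silent fallback into a visible warning; the model covers only the first entries of the chain and does not query EC2 metadata, ECS or web identity.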


ghost commented Jul 31, 2020

This has been released in version 3.0.0 of the Terraform AWS provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template for triage. Thanks!


ghost commented Aug 12, 2020

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!

@ghost ghost locked and limited conversation to collaborators Aug 12, 2020