Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fatal error: [Errno 13] Permission denied: '/.aws' when using Environment credentials source #9075

Open
1 task
albgus opened this issue Nov 14, 2024 · 2 comments
Assignees
Labels
bug This issue is a bug. configuration p3 This is a minor priority issue

Comments

@albgus
Copy link

albgus commented Nov 14, 2024

Describe the bug

The AWS CLI seems to not respect the same configuration sources as the normal AWS SDK, instead it enforces the existence of a $HOME/.aws/config, and completely fails if it doesn't exist and can't be created... even if all the configuration was available through the environment.

Regression Issue

  • Select this option if this issue appears to be a regression.

Expected Behavior

The AWS CLI should support all standard methods of passing AWS Credentials without arbitrary requirements

Current Behavior

The AWS CLI attempt to read/create a directory in $HOME and crashes if it can't, even if proper configuration was supplied through environment variables.

Reproduction Steps

Start a container with this image (or similar): https://hub.docker.com/r/bitnami/aws-cli

Mount credentials through environment, or IRSA: https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html

With this configuration the AWS CLI will fail with: fatal error: [Errno 13] Permission denied: '/.aws'

Possible Solution

Fail gracefully and attempt other configuration sources instead of attempting to create a non-existent directory. Honestly I don't see why it should create that directory at all if configuration is supplied through the environment.

Additional Information/Context

No response

CLI version used

aws-cli/2.21.0 Python/3.11.10 Linux/6.1.102 source/x86_64.debian.12

Environment details (OS name and version, etc.)

Docker: bitnami/aws-cli:latest

@albgus albgus added bug This issue is a bug. needs-triage This issue or PR still needs to be triaged. labels Nov 14, 2024
@adev-code adev-code self-assigned this Nov 18, 2024
@adev-code adev-code added investigating This issue is being investigated and/or work is in progress to resolve the issue. p3 This is a minor priority issue configuration and removed needs-triage This issue or PR still needs to be triaged. labels Nov 18, 2024
@adev-code
Copy link

Hi @albgus, thanks for reaching out. I have tried the same set-up and the reproduction steps, I did not get the same issue. Could you please check and clarify the $HOME and its permissions, as well as the user if it has necessary permissions to access and read directories. Thank you.

@adev-code adev-code added response-requested Waiting on additional info and feedback. Will move to "closing-soon" in 7 days. and removed investigating This issue is being investigated and/or work is in progress to resolve the issue. labels Nov 26, 2024
@Rabutson
Copy link

Rabutson commented Dec 5, 2024

Hello @adev-code,

I think this may be similar to #4374

I can say that we have also had issues where we don't necessarily have or want write permissions in $HOME in k8s containers
in our case it's the creation of /.aws/cli/cache that causes the issue

I think the goal for both of us is some way not to generate any files, like an AWS_NO_CACHE environment variable.

@github-actions github-actions bot removed the response-requested Waiting on additional info and feedback. Will move to "closing-soon" in 7 days. label Dec 5, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug This issue is a bug. configuration p3 This is a minor priority issue
Projects
None yet
Development

No branches or pull requests

3 participants