Unable to locate credentials. you can configure credentials by running "aws configure"

Question

Problem :

I am having the shell script which should download some of the files from the S3 and mount the ebs drive. But I am facing following error

 "Unable to locate credentials".

I have already specified all the credentials with following command aws configure  but my commands only work outside the shell script. Can anybody guide me in resolving the issue?

Following is my shell script :

#!/bin/bash

AWS_CONFIG_FILE="~/.aws/config"

echo $1

sudo mkfs -t ext4 $1

sudo mkdir /s3-backup-test

sudo chmod -R ugo+rw /s3-backup-test

sudo mount $1 /s3-backup-test

sudo aws s3 sync s3://backup-test-s3 /s3-backup/test

du -h /s3-backup-test

ipt (short version):

Answer 1

If you have the .aws/config file with the roles then please make sure that your config file is correctly formatted. In my case I forgot to put the role_arn = in front of the arn. The default profile will sit in the .aws/credentials file and it contains the access key id and the secret access key of the iam identity.

The config file contains the following role details:

[profile myrole]

role_arn = arn:aws:iam::123456789012:role/My-Role

source_profile = default

mfa_serial = arn:aws:iam::987654321098:mfa/my-iam-identity

region=ap-southeast-2

If you want you can easily test the access by calling

aws sts get-caller-identity --profile myrole

If you are having the MFA enabled like I have then you will need to enter it when prompted as follows:

Enter MFA code for arn:aws:iam::987654321098:mfa/my-iam-identity:

{

"UserId": "ARABCDEFGHIJKLMNOPQRST:botocore-session-15441234567",

"Account": "123456789012",

"Arn": "arn:aws:sts::123456789012:assumed-role/My-Role/botocore-session-15441234567"

}

Answer 2

At the time I attempt to access my Amazon easy Storage Service (Amazon S3) bucket employing the AWS Command Line Interface (AWS CLI), I obtain the error "Unable to locate credentials." How can I solve this?

Resolution

The AWS CLI returns this error at the time it can't allocate the credentials to authenticate AWS API calls. You should be ensure that your AWS credentials are rightly configured in the AWS CLI.

To inspect in case the AWS CLI is configured with credentials, run this command:

$ aws configure list

In case your credentials are configured in the config file, the command returns a response same to the following:

     Name                    Value             Type    Location
     ----                    -----             ----    --------
   profile                <not set>             None    None
access_key     ****************ABCD      config_file    ~/.aws/config
secret_key     ****************ABCD      config_file    ~/.aws/config
    region                us-west-2              env    AWS_DEFAULT_REGION

 

In case your credentials are configured in an example profile, the command returns a response similar to the following:

      Name                Value                      Type           Location
     ----                 -----                      ----           --------
     profile                <not set>             None          None
access_key     ****************YVEQ      iam-role
secret_key     ****************2a9N       iam-role
       region                <not set>            None          None

Review the response to inspect whether credentials are missing or the stored credentials are false. In case so, update your credentials.

Note: The AWS CLI invokes credential providers in a earmarked order, and the AWS CLI stops invoking providers at the time it traces a place of credentials to use. This implies that in case you have credentials configured false on a credential provider with higher predominance, you obtain the "Unable to locate credentials" error. You obtain this error even in case credentials are configured accurately on a provider with lower precedence.