Open
Description
opened on Sep 20, 2024
Describe the bug
With the AWS config file set up to use an alternative credential source, specifically in my test ECS:
```
[user@host ~]$ cat .aws/config
[default]
output = json
[profile myaccount]
role_arn = arn:aws:iam::000000000001:role/MyRoleName
credential_source = EcsContainer
```
The AWS CLI works fine and is able to use the configured role:
```
[user@host ~]$ aws sts get-caller-identity --profile myaccount
{
    "UserId": "AKIA2UC3BSXMEKZTLGM3:botocore-session-blablabla",
    "Account": "000000000001",
    "Arn": "arn:aws:sts::000000000001:assumed-role/MyRoleName/botocore-session-blablabla"
}
```
But when setting it up in Steampipe:
```
[user@host ~]$ cat .steampipe/config/aws.spc
connection "myaccount" {
  plugin  = "aws"
  regions = ["*"]
  profile = "myaccount"
}
```
It fails on a missing `AWS_CONTAINER_CREDENTIALS_RELATIVE_URI`:
```
[user@host ~]$ steampipe query
Welcome to Steampipe v0.24.2
For more information, type .help
> select * from myaccount.aws_account
Error: myaccount: EcsContainer was specified as the credential_source, but 'AWS_CONTAINER_CREDENTIALS_RELATIVE_URI' was not set (SQLSTATE HV000)
> .quit
```
While I tried to guess the right value and set it as an ENV variable, I could not make it work.
Steampipe version (`steampipe -v`)
v0.24.2
Plugin version (`steampipe plugin list`)
0.147.0
To reproduce
See main description above. I used CloudShell but any ECS cluster should do.
Expected behavior
Same as the CLI: just assume the role and collect data cross-account.
Additional context
I am trying to use an aggregator in CloudShell for AWS Orgs.
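
A preflight check for the failure reported above, added here as an example (it is not part of the original issue, nor Steampipe or AWS code): it lists the profiles that use `credential_source = EcsContainer` and reports which container credential endpoint variable the environment actually provides. The function names are hypothetical. `AWS_CONTAINER_CREDENTIALS_FULL_URI` is the other endpoint variable AWS SDKs read for container credentials; the page does not say whether Steampipe accepts it, so the script only flags that case.

```shell
# Added example, not from the issue: preflight for credential_source = EcsContainer.
# Print the profiles in an AWS config file whose credential_source is EcsContainer.
ecs_profiles() {
  awk '
    /^[ \t]*\[/ {                      # section header: [default] or [profile NAME]
      name = $0
      sub(/^[ \t]*\[/, "", name); sub(/\].*$/, "", name)
      sub(/^profile[ \t]+/, "", name)
      next
    }
    /^[ \t]*credential_source[ \t]*=/ {
      val = $0
      sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
      if (val == "EcsContainer") print name
    }
  ' "$1"
}

# Report which container credential endpoint variable the environment provides.
container_endpoint_kind() {
  if [ -n "${AWS_CONTAINER_CREDENTIALS_RELATIVE_URI:-}" ]; then echo relative
  elif [ -n "${AWS_CONTAINER_CREDENTIALS_FULL_URI:-}" ]; then echo full
  else echo none
  fi
}

# One status line per EcsContainer profile found in the given config file.
preflight() {
  kind=$(container_endpoint_kind)
  for p in $(ecs_profiles "$1"); do
    case $kind in
      relative) echo "$p: ok, AWS_CONTAINER_CREDENTIALS_RELATIVE_URI is set" ;;
      full)     echo "$p: warn, only AWS_CONTAINER_CREDENTIALS_FULL_URI is set" ;;
      none)     echo "$p: fail, no container credential endpoint variable is set" ;;
    esac
  done
}

# Constructed sample config mirroring the one in the report.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[default]
output = json
[profile myaccount]
role_arn = arn:aws:iam::000000000001:role/MyRoleName
credential_source = EcsContainer
EOF
preflight "$sample"
rm -f "$sample"
```

Running `preflight ~/.aws/config` in the same shell that launches Steampipe shows whether the variable named in the error message is present before any query is attempted.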