aws-vault doesn't set the region and clears the AWS_DEFAULT_REGION environment variable
toast-gear opened this issue · comments
Steps to reproduce:
Have the following AWS env var set-up (in my case it's set in my .bashrc):
$ env|grep AWS
AWS_DEFAULT_REGION=eu-west-2
$ aws-vault exec creatureservices
$ env|grep AWS
# ~/.aws/config
[profile common]
output=json
[profile my-awesome-profile]
include_profile=common
Debug output below:
$ aws-vault exec my-awesome-profile --debug
2022/12/03 15:40:42 aws-vault v6.6.0
2022/12/03 15:40:42 Loading config file /Users/steve.random/.aws/config
2022/12/03 15:40:42 Parsing config file /Users/steve.random/.aws/config
2022/12/03 15:40:42 [keyring] Considering backends: [keychain]
2022/12/03 15:40:42 Profile 'default' missing in config file
2022/12/03 15:40:42 [keyring] Querying keychain for service="aws-vault", keychain="aws-vault.keychain"
2022/12/03 15:40:42 [keyring] Found 2 results
2022/12/03 15:40:42 profile my-awesome-profile: using stored credentials
2022/12/03 15:40:42 profile my-awesome-profile: using GetSessionToken
2022/12/03 15:40:42 [keyring] Querying keychain for service="aws-vault", keychain="aws-vault.keychain"
2022/12/03 15:40:42 [keyring] Found 2 results
2022/12/03 15:40:42 [keyring] Querying keychain for service="aws-vault", keychain="aws-vault.keychain"
2022/12/03 15:40:42 [keyring] Found 2 results
2022/12/03 15:40:42 [keyring] Querying keychain for service="aws-vault", account="sts.GetSessionToken,Y3JlYXR1cmVzZXJ2aWNlcw,,1670084827", keychain="aws-vault.keychain"
2022/12/03 15:40:42 [keyring] Found item "aws-vault session for my-awesome-profile (expires 2022-12-03T16:27:07Z)"
2022/12/03 15:40:42 Re-using cached credentials ****************FVLF from sts.GetSessionToken, expires in 46m24.218356s
2022/12/03 15:40:42 Setting subprocess env: AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY
2022/12/03 15:40:42 Setting subprocess env: AWS_SESSION_TOKEN, AWS_SECURITY_TOKEN
2022/12/03 15:40:42 Setting subprocess env: AWS_SESSION_EXPIRATION
2022/12/03 15:40:42 Exec command /opt/homebrew/bin/bash
2022/12/03 15:40:42 Found executable /opt/homebrew/bin/bash
- I am using the latest release of AWS Vault
- I have provided my
.aws/config
(redacted if necessary) - I have provided the debug output using
aws-vault --debug
(redacted if necessary)
EDIT equally setting the region in the ~/.aws/config
doesn't result in a region env var being set
AWS_DEFAULT_REGION
sets the region in the "default" section of the aws config.... and this seems to be working for me
$ export AWS_DEFAULT_REGION=us-west-1
$ aws-vault exec foobar
$ env | grep REGION
AWS_DEFAULT_REGION=us-west-1
AWS_REGION=us-west-1
Are you sure you're export
ing?
Yup, it clears it each time. Can you share what your aws config looks like sanitised as required?
It's odd, I've added in the default section and it seems to pickup both my set default profile and my region for the specific profile I'm execing just fine
$ aws-vault exec my-aws-profile --debug
2022/12/19 03:16:57 Setting subprocess env: AWS_DEFAULT_REGION=eu-west-1, AWS_REGION=eu-west-1
2022/12/19 03:16:57 Setting subprocess env: AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY
2022/12/19 03:16:57 Setting subprocess env: AWS_SESSION_TOKEN, AWS_SECURITY_TOKEN
2022/12/19 03:16:57 Setting subprocess env: AWS_SESSION_EXPIRATION
however env|grep REGION
prints nothing
EDIT this was happening because of a configuration error on my end. I have a whole other issue now but I'll raise a different issue for that to keep things clean.