Home > OS >  AWS credentials work when in config file but not as env vars?
AWS credentials work when in config file but not as env vars?

Time:10-13

The command:

aws s3 ls

works fine when my credentials are stored in ~/.aws/credentials.

When I run the following bash script:

#! /usr/bin/env bash
env_vars=$(cat ~/.aws/credentials | tail -n  2 | sed -e 's/ *//g' | tr 'a-z' 'A-Z' | tr '\n' ' ')
echo ${env_vars}


env ${env_vars} aws s3 ls

which just extracts the env vars out of a config file, I get the error:

An error occurred (SignatureDoesNotMatch) when calling the ListBuckets operation: The request signature we calculated does not match the signature you provided. Check your key and signing method.

Given that the credentials are identical, what could be going wrong? Adding --region us-west-2 (my S3 region) doesn't help

CodePudding user response:

Assuming that the last two lines of your ~/.aws/credentials file are values for aws_access_key_id and aws_secret_access_key, and there's no extra environment variables causing trouble.

The problem is that your conversion script is mangling the secret key by uppercasing it.

aws_access_key_id is fine because it is always an uppercase string anyway, but aws_secret_access_key contains upper and lower case characters, as well as digits and symbols.

Alter your bash script similar to:

env_vars=$(cat ~/.aws/credentials | tail -n  2 | sed -e 's/ *//g' | awk -F = '{print toupper($1) "=" $2}' | tr '\n' ' ')

Which only uppercases the portion of the configuration file lines before the =.

  • Related