Any workaround for not having a [default] profile in ~/.aws/credentials ?

[justintime]

Thanks for contributing your work. There's really not a lot available that allows someone to get a kickstart on their TF wrappers, and what you've built here looks like a great start.

We have 3 environments. In my ~/.aws/credentials file, I do not have a [default] section defined.

Running DEPLOY_ENV=dev PROJECT_NAME=simple-sg bundle exec rake plan would result in:

Unable to determine AWS credentials. Set the AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY environment variables.
(error was: NoCredentialProviders: no valid providers in chain. Deprecated.
    For verbose messaging see aws.Config.CredentialsChainVerboseErrors)

If the error message above mentions requiring or modifying configuration
options, these are set using the `-backend-config` flag. Example:
-backend-config="name=foo" to set the `name` configuration
rake aborted!
Error running Terraform to configure state
/Users/justine/development/terraformations/Rakefile:72:in `block in <top (required)>'
Tasks: TOP => plan => configure_state
(See full trace by running task with --trace)

After debugging a bit, I found that it was getting stuck in the terraform remote config command. It appears as though the args in that task needs a args << "-backend-config='profile=#{deploy_env}'" inserted. However, adding that didn't seem to help. Even running the command interactively I was getting the same result, and then I found this PR for TF: hashicorp/terraform#5270. While merged, it's not present in the latest version of TF.

At this point, I'm wondering if I've done something wrong, or if you perhaps have a [default] section defined in your credentials file that gets you around that problem?

[gfoligna]

Same here! Please fix :)

[justintime]

I decided it would be more efficient just to parse out the aws config files and set the proper env vars in the Rakefile.

If you add this code to the top of the validate_environment task, it should get you working:

  require 'inifile'
  # Load our credentials
  ENV['AWS_ACCESS_KEY_ID'] = IniFile.load(File.join(File.expand_path('~'), '.aws', 'credentials'))deploy_env]['aws_access_key_id'] ||
    IniFile.load(File.join(File.expand_path('~'), '.aws', 'credentials'))['default']['aws_access_key_id']
  ENV['AWS_SECRET_ACCESS_KEY'] = IniFile.load(File.join(File.expand_path('~'), '.aws', 'credentials'))deploy_env]['aws_secret_access_key'] ||
    IniFile.load(File.join(File.expand_path('~'), '.aws', 'credentials'))['default']['aws_secret_access_key']
  # Load our config
  ENV['AWS_DEFAULT_REGION'] = IniFile.load(File.join(File.expand_path('~'), '.aws', 'config'))["profile #deploy_env}"]['region'] ||
    IniFile.load(File.join(File.expand_path('~'), '.aws', 'config'))['default']['region']

  if ENV['AWS_ACCESS_KEY_ID'].nil?
    warn "Unable to determine AWS_ACCESS_KEY_ID."
    exit 1
  end
  if ENV['AWS_SECRET_ACCESS_KEY'].nil?
    warn "Unable to determine AWS_SECRET_ACCESS_KEY."
    exit 1
  end
  if ENV['AWS_DEFAULT_REGION'].nil?
    warn "Unable to determine AWS_DEFAULT_REGION."
    exit 1
  end

[deanwilson]

Apologies for the delay in responding to this, I apparently have an issue receiving notifications on new issues.

I think you can get around this by using AWS_PROFILE=you_profile_name on the command line to select a profile.