Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

AWS_PROFILE environment variable overrides session credentials #4121

Open
dwilday opened this issue May 9, 2024 · 2 comments
Open

AWS_PROFILE environment variable overrides session credentials #4121

dwilday opened this issue May 9, 2024 · 2 comments
Assignees
@RyanFitzSimmonsAK
Labels
bug This issue is a confirmed bug. closing-soon This issue will automatically close in 4 days unless further comments are made. credentials p2 This is a standard priority issue response-requested Waiting on additional information or feedback.

Comments

@dwilday
Copy link

dwilday commented May 9, 2024

Describe the bug

When setting up a client or session if I pass in an aws_access_key_id, aws_secret_access_key, and region it will first attempt to make a connection using the environment variable set in AWS_PROFILE.

If this variable is set incorrectly, as in there is no matching profile, a ProfileNotFound exception is thrown.

This is problematic as I've had a user with this variable set and it took a great deal of time to track down why my software wouldn't work on their machine. Whether this is used for the actual connection to the service is irrelevant as this environment variable should have nothing to do with my connection if I am manually passing in my own credentials.

Expected Behavior

If credentials are passed into the constructor for either boto3.session.Session or boto3.client the environment variable AWS_PROFILE should not utilized and no exception should be raised.

Current Behavior

If the machine has an environment variable set for AWS_PROFILE incorrectly an exception is raised by botocore/session.py regardless of whether correct credentials are passed in via the constructor.

Reproduction Steps

os.environ['AWS_PROFILE'] = 'foo'
boto3.session.Session(aws_access_key_id=AWS_ACCESS_KEY,
                                    aws_secret_access_key=AWS_SECRET_ACCESS_KEY,
                                    region_name=AWS_REGION)

Possible Solution

No response

Additional Information/Context

No response

SDK version used

1.34.43

Environment details (OS name and version, etc.)

Mac OS Sonoma 14.4.1
@dwilday dwilday added bug This issue is a confirmed bug. needs-triage This issue or PR still needs to be triaged. labels May 9, 2024
@RyanFitzSimmonsAK RyanFitzSimmonsAK self-assigned this May 9, 2024
@RyanFitzSimmonsAK RyanFitzSimmonsAK added investigating This issue is being investigated and/or work is in progress to resolve the issue. credentials p2 This is a standard priority issue needs-review and removed needs-triage This issue or PR still needs to be triaged. investigating This issue is being investigated and/or work is in progress to resolve the issue. labels May 9, 2024
@RyanFitzSimmonsAK
Copy link
Contributor

RyanFitzSimmonsAK commented May 14, 2024
edited

Hi @dwilday, thanks for reaching out. This behavior is intended. Environment variables all need to be evaluated before credentials precedence, so AWS_PROFILE throwing an error before credentials are located makes sense. You can similarly test this with environment variables unrelated to credentials, such as AWS_MAX_ATTEMPTS. Setting it to a non-integer will throw an error well before any operations are attempted. Let me know if you have any follow-up questions.

@RyanFitzSimmonsAK RyanFitzSimmonsAK added response-requested Waiting on additional information or feedback. and removed needs-review labels May 14, 2024
@github-actions GitHub Actions
Copy link

Greetings! It looks like this issue hasn’t been active in longer than five days. We encourage you to check if this is still an issue in the latest release. In the absence of more information, we will be closing this issue soon. If you find that this is still a problem, please feel free to provide a comment or upvote with a reaction on the initial post to prevent automatic closure. If the issue is already closed, please feel free to open a new one.

@github-actions github-actions bot added the closing-soon This issue will automatically close in 4 days unless further comments are made. label May 25, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@RyanFitzSimmonsAK RyanFitzSimmonsAK

Labels
bug This issue is a confirmed bug. closing-soon This issue will automatically close in 4 days unless further comments are made. credentials p2 This is a standard priority issue response-requested Waiting on additional information or feedback.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@dwilday @RyanFitzSimmonsAK