Error creating AWS session: CredentialRequiresARNError: credential type source_profile requires role_arn

[scalp42]

Hi folks,

Reopening an issue as #22377 (comment) was closed but the issue is still there.

I see hashicorp/aws-sdk-go-base#4 but it's referring to providers and was asked in the past to open the same issue in this repository as it's handled by different teams probably?

Using Terraform 0.12.5 (as the S3 backend issue is still here for us), we're still running into somewhat the same issue as hashicorp/terraform-provider-aws#9617 except we can initialize the backend fine this time.

Using 2.20.0:

$> AWS_SDK_LOAD_CONFIG=1 AWS_REGION=us-west-2 terraform

Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but will not be
persisted to local or remote state storage.

module.iam.data.terraform_remote_state.shared_global: Refreshing state...
module.iam.data.terraform_remote_state.dev_global: Refreshing state...
module.route53.data.terraform_remote_state.dev_us_west_2_vpc_dev: Refreshing state...
module.iam.data.terraform_remote_state.global: Refreshing state...
module.iam.data.aws_iam_policy_document.ec2_eip: Refreshing state...
module.iam.data.aws_iam_policy_document.ec2_ebs: Refreshing state...
module.iam.data.aws_iam_policy_document.ec2_asg: Refreshing state...
module.iam.data.aws_iam_policy_document.instana_read_only: Refreshing state...
module.iam.aws_iam_policy.ec2_eip: Refreshing state... [id=arn:aws:iam::102727442189:policy/ec2_eip]
module.iam.aws_iam_policy.ec2_ebs: Refreshing state... [id=arn:aws:iam::102727442189:policy/ec2_ebs]
module.iam.aws_iam_policy.ec2_asg: Refreshing state... [id=arn:aws:iam::102727442189:policy/ec2_asg]
module.iam.data.aws_iam_policy_document.s3_wonolo_chef_usw2: Refreshing state...
module.iam.aws_iam_policy.s3_wonolo_chef_usw2: Refreshing state... [id=arn:aws:iam::102727442189:policy/s3_wonolo_chef_usw2]
module.iam.data.aws_iam_policy_document.route53_wonolo_dev_com_public: Refreshing state...
module.iam.data.aws_iam_policy_document.route53_wonolo_dev_com_private: Refreshing state...
module.iam.aws_iam_policy.route53_wonolo_dev_com_public: Refreshing state... [id=arn:aws:iam::102727442189:policy/route53_wonolo_dev_com_public]
module.iam.aws_iam_policy.route53_wonolo_dev_com_private: Refreshing state... [id=arn:aws:iam::102727442189:policy/route53_wonolo_dev_com_private]

Error: No valid credential sources found for AWS Provider.
  Please see https://terraform.io/docs/providers/aws/index.html for more information on
  providing credentials for the AWS Provider

  on <empty> line 0:
  (source code not available)

Using 2.26.0:

$> AWS_SDK_LOAD_CONFIG=1 AWS_REGION=us-west-2 terraform

Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but will not be
persisted to local or remote state storage.

module.iam.data.terraform_remote_state.shared_global: Refreshing state...
module.route53.data.terraform_remote_state.dev_us_west_2_vpc_dev: Refreshing state...
module.iam.data.terraform_remote_state.global: Refreshing state...
module.iam.data.terraform_remote_state.dev_global: Refreshing state...

Error: No valid credential sources found for AWS Provider.
  Please see https://terraform.io/docs/providers/aws/index.html for more information on
  providing credentials for the AWS Provider

  on <empty> line 0:
  (source code not available)



Error: Error creating AWS session: CredentialRequiresARNError: credential type source_profile requires role_arn, profile bridge

  on main.tf line 12, in provider "aws":
  12: provider "aws" {

Everything was working fine using 0.11.x with 2.20 and we're 100% sure it's not a credentials/bad setup with AWS creds.

TLDR:

• Terraform 0.12.8 = can't initialize due to S3 backend issue
• Terraform 0.12.5 and AWS provider 2.20 = broken with No valid credential sources found for AWS Provider
• Terraform 0.12.5 and AWS provider 2.26 = broken with No valid credential sources found for AWS Provider and CredentialRequiresARNError supposedly fixed in provider/openstack: Allow any protocol in openstack_fw_rule_v1 #9617

Thanks a lot in advance the migration to 0.12.x has been very painful and is still not successful for us.

[evandam]

Hi all, I'm seeing the same issue the AWS provider version 2.26. Any updates on this?

[ckellis]

I'm seeing the same issue on my end as well. I'm getting the exact two errors as above using AWS provider 2.26:

Error: No valid credential sources found for AWS Provider.
  Please see https://terraform.io/docs/providers/aws/index.html for more information on
  providing credentials for the AWS Provider

  on <empty> line 0:
  (source code not available)

Error: Error creating AWS session: CredentialRequiresARNError: credential type source_profile requires role_arn, profile bridge

  on main.tf line 12, in provider "aws":

[Freyert]

@scalp42 or @ckellis since both of you all are using source_profiles did you try explicitly adding the role_arn to the profile you are trying to use?

As per the GoDoc: https://godoc.org/github.com/aws/aws-sdk-go/aws/session#hdr-Assume_Role_configuration

[scalp42]

It's fixed now per #22994

Closing.

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.