-
Notifications
You must be signed in to change notification settings - Fork 1.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
AWS Role to be assumed not being read from configuration file. #3142
AWS Role to be assumed not being read from configuration file. #3142
Comments
I'm guessing something like what is being done in aws-okta needs to be done. I'll see if I can get a pull request together. |
Hey @jwalters-gpsw, would you still like to take a stab at this? |
I've opened a PR on the AWS plugin to solve this: vmware-tanzu/velero-plugin-for-aws#168 |
I'm facing AccessDenied issue with merged PR #6598, @reasonerjt will submit a PR to fix it.
|
Seems this is b/c when velero is installed via CLI the credential file is set via environment variable. |
Closing this issue as fixed. |
Versions
Version: v1.3.2
AWS Plugin Version: 1.0.1
AWS EKS Version: 1.15
Description
Though my config file has role_arn and source_profile entries, it does not appear the role is being assumed.
Details
$ velero install --provider aws --plugins velero/velero-plugin-for-aws:v1.0.1 --bucket backup-velero --secret-file ./config
./config
Additional Information
I ran up another pod in the same cluster using the
mesosphere/aws-cli:latest
docker image. Thenexec
ed into the image and copied the same config (pointed to withAWS_CONFIG_FILE
environment variable ). All theaws s3
commands worked fine on the bucket.I suspect the
stscreds.NewCredentials
call needs to be used as described in Assume Role section here.The text was updated successfully, but these errors were encountered: