Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Atlantis in ECS Fargate fails to get custom aws provider - ERROR: failed to get shared config profile #35145

Closed
gatemken opened this issue May 10, 2024 · 4 comments
Closed

Atlantis in ECS Fargate fails to get custom aws provider - ERROR: failed to get shared config profile #35145

gatemken opened this issue May 10, 2024 · 4 comments
Labels
backend/s3 bug new new issue not yet triaged

Comments

@gatemken
Copy link

Terraform Version

Error running plan operation: running \"/home/atlantis/.atlantis/bin/terraform1.8.1 init -input=false -upgrade\" in \"/home/atlantis/.atlantis/repos/gsen/tftest/3/default/myrepotest/us-east-1/ecr/test\": exit status 1\n\nInitializing the backend...\n\n│ Error: failed to get shared config profile,

Terraform Configuration Files

provider.tf
terraform {
required_providers {
aws = {
source = "hashicorp/aws"
}
}
}
provider "aws" {
profile = "my-test"
region = "us-east-1"
}

backend.tf
terraform {
required_version = ">= 0.12.2"

backend "s3" {
region = "us-east-1"
bucket = ""
key = ""
dynamodb_table = ""
profile = "my-test"
encrypt = "true"
}
}

Create any test resource in your main.tf

Debug Output

Works fine when ran locally

Expected Behavior

ECS fargate should be able to find the profiles listed in ~/.aws/config

Actual Behavior

ECS on FARGATE fails to read profiles in ~/.aws/config

Steps to Reproduce

Deploy atlantis in ecs fargate using the terraform-atlantis-ecs module
setup gitlab or github webhooks
create your backend.tf and provider.tf and make sure profile are set.
i.e
provider "aws" {
profile = "my-test"
region = "us-east-1"
}

Removing profile = "my-test" works. keeping it leads to an error

Additional Context

Note: everything works if i don't specific a profile. For our use case, we need to be able to run terraform code locally and with atlantis. Specifying a provider is a MUST.

References

No response
@gatemken gatemken added bug new new issue not yet triaged labels May 10, 2024
@jbardin
Copy link
Member

jbardin commented May 10, 2024

Hi @gatemken,

You mention that removing the profile entry in the provider allows the configuration to work, but the error you presented indicates there was a problem with the backend configuration. Can you confirm which (or both) of the components is failing here?

Thanks!

@jbardin jbardin added the waiting-response An issue/pull request is waiting for a response from the community label May 10, 2024
@gatemken
Copy link
Author

@jbardin it is both. Specifying the profile keyword in providers.tf or backend.tf causes that error. not specifying the profile flag leads to successful plan/apply.

This is my Dockerfile:

FROM ghcr.io/runatlantis/atlantis:latest
COPY aws_config /home/atlantis/.aws/config

cat aws_config
[profile my-test]
role_arn = arn:aws:iam::account-id:role/my-aws-admin-role
credential_source = EcsContainer

terraform version 1.8.1 runs on the ecs container by atlantis.

I have try setting ENV in the ecs container and in the docker container but it still fails. you should be able to reproduce the issue.

FYI: This works perfectly fine, if i deploy atlantis on EC2 instance.

@jbardin jbardin added backend/s3 and removed waiting-response An issue/pull request is waiting for a response from the community labels May 10, 2024
@gatemken
Copy link
Author

I need this to work on EC2 Fargate not EC2 Instance. I would appreciate it if someone can reproduce the issue and work out a possible fix or workaround

@gatemken
Copy link
Author

This issue can be closed

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
backend/s3 bug new new issue not yet triaged
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@jbardin @gatemken