Bug - CLI - AWS Plugin MFA Failing

kerren
kerren
Community Member
in CLI

Hi there,

I seem to be experiencing an issue with the CLI and AWS plugin where I select my credentials and try to run an aws command and I get the following error:

[ERROR] 2023/07/26 22:11:39 could not run plugin AWS CLI: failed to provision credentials, encountered error(s):
source profile "default" does not exist in your AWS config file

I tried to do some debugging so I ran the command in debug mode and without cache:

1) Debug Mode

op plugin run --debug -- aws ls s3

Output

10:05PM | DEBUG | Session delegation enabled
10:05PM | DEBUG | NM request: NmRequestAccounts
10:05PM | DEBUG | NM response: Success
10:05PM | DEBUG | NM request: NmRequestAccounts
10:05PM | DEBUG | NM response: Success
10:06PM | DEBUG | InitDefaultCache: successfully initialized cache
10:06PM | DEBUG | EncryptedKeysets: Cache hit on keyset
10:06PM | DEBUG | Vault: cache hit on vault XXXXXXXXXX
10:06PM | DEBUG | VaultItems: cache hit on vault items of vault XXXXXXXXXX
10:06PM | DEBUG | Item: VaultItems cache hit for vault XXXXXXXXXX - validating staleness using item version
10:06PM | DEBUG | Item: cache hit on item YYYYYYYYYY of vault XXXXXXXXXX
[ERROR] 2023/07/26 22:06:01 could not run plugin AWS CLI: failed to provision credentials, encountered error(s):
source profile "default" does not exist in your AWS config file

2) No Cache

op plugin run --debug --cache=false -- aws ls s3

Output

10:06PM | DEBUG | Session delegation enabled
10:06PM | DEBUG | NM request: NmRequestAccounts
10:06PM | DEBUG | NM response: Success
10:06PM | DEBUG | NM request: NmRequestAccounts
10:06PM | DEBUG | NM response: Success
[ERROR] 2023/07/26 22:06:40 could not run plugin AWS CLI: failed to provision credentials, encountered error(s):
source profile "default" does not exist in your AWS config file

This seems to be a recent issue as it was working with my credentials before. I have looked at similar issues on the forum but none seem to have points on how to resolve it. A few extra troubleshooting points:

  1. I did have a YubiKey attached but I've removed that to ensure it's not the problem.
  2. I generated a new client access key and secret to ensure it's not that as a problem.
  3. I've verified that the MFA serial entry is correct in the 1Password credential.
  4. I have specified the default region in the 1Password credential.
  5. I've removed the ~/.aws/credentials file as per the instructions on setting up the 1Password CLI plugin.
  6. I am able to login with the MFA code, it's how I login to AWS through the console frontend.
  7. My CLI is version 2.19.0 and I use ZSH

Any assistance here would be much appreciated!

1Password Version: 8.10.9
Extension Version: 2.13.0
OS Version: Fedora 38
Browser: Brave

Comments

  • kerren
    kerren
    Community Member

    Hi all, is anyone else experiencing this issue? I've updated all software and I'm still experiencing this issue:

    [ERROR] 2023/07/31 15:36:00 could not run plugin AWS CLI: failed to provision credentials, encountered error(s):
source profile "default" does not exist in your AWS config file
  • andi.t_1P
    andi.t_1P

    Hi @kerren! It seems like profile default cannot be found in your .aws/config file. Is your use case not dependent at all on the .aws/config file? In that case, I'd call this a bug and I'll file an issue internally. Is you .aws/config file present at all? If yes, what does it look like?

    Best,
    Andi

  • kerren
    kerren
    Community Member

    Hi @andi.t_1P thank you very much for your response :) I was able to resolve it with your help, however, I think it may still need to be a bug/issue raised because it doesn't seem like expected behaviour.

    Originally, I didn't have anything in the .aws/config file:

    $ cat .aws/config

~
$ aws s3 ls
[ERROR] 2023/08/01 19:46:59 could not run plugin AWS CLI: failed to provision credentials, encountered error(s):
source profile "default" does not exist in your AWS config file

    As far as I understand, you don't necessarily need the .aws/config file for things to function?

    Anyways, I then made a [default] entry to see if that would help:

    $ cat .aws/config
[default]

~
$ aws s3 ls
# Output!!
# ...

    So it seems that there is a requirement for the .aws/config file to exist and for the [default] line to be there, even if there is nothing underneath it. It's probably not the worst thing to expect that so that people know what their defaults are, but I do think then this documentation would need to be altered to include the [default] entry in the .aws/config file as a prerequisite?

    Either way, @andi.t_1P thank you very much for the help, I'm super happy I'm able to use this again :)!!!

  • kerren
    kerren
    Community Member

    And for anyone else landing here that wants to understand the .aws/config file, have a look at this article on AWS for details.

  • jinux_go
    jinux_go
    Community Member
    edited October 2023

    Hi, @andi.t_1P

    I have experienced the same issue and resolved it by following the @kerren's method

    $ rm -rf ~/.aws/config
$ op plugin run --debug --cache=false -- aws ls s3
8:36PM | DEBUG | Session delegation enabled
8:36PM | DEBUG | NM request: NmRequestAccounts
8:36PM | DEBUG | NM response: Success
8:36PM | DEBUG | NM request: NmRequestAccounts
8:36PM | DEBUG | NM response: Success
[ERROR] 2023/10/25 20:37:00 could not run plugin AWS CLI: failed to provision credentials, encountered error(s):
source profile "default" does not exist in your AWS config file
$ ls ~/.aws
config
$ cat ~/.aws/config # This prints nothing
$ op plugin run --debug --cache=false -- aws s3 ls
8:39PM | DEBUG | Session delegation enabled
8:39PM | DEBUG | NM request: NmRequestAccounts
8:39PM | DEBUG | NM response: Success
8:39PM | DEBUG | NM request: NmRequestAccounts
8:39PM | DEBUG | NM response: Success
(... and the output from aws cli follows)

    1Password for Mac 8.10.18 (81018040)
    aws-cli/2.13.17 Python/3.11.5 Darwin/22.6.0 source/arm64 prompt/off
    macOS 13.6 (Apple Silicon)

  • jinux_go
    jinux_go
    Community Member

    Hello @andi.t_1P
    I have experience the same issue and resolved it by following the @kerren's method.

    $ rm -rf ~/.aws
$ op plugin run --debug --cache=false -- aws ls s3
8:36PM | DEBUG | Session delegation enabled
8:36PM | DEBUG | NM request: NmRequestAccounts
8:36PM | DEBUG | NM response: Success
8:36PM | DEBUG | NM request: NmRequestAccounts
8:36PM | DEBUG | NM response: Success
[ERROR] 2023/10/25 20:37:00 could not run plugin AWS CLI: failed to provision credentials, encountered error(s):
source profile "default" does not exist in your AWS config file
$ cat ~/.aws/config # This prints nothing
$ echo '[default]' > ~/.aws/config
$ op plugin run --debug --cache=false -- aws s3 ls
8:39PM | DEBUG | Session delegation enabled
8:39PM | DEBUG | NM request: NmRequestAccounts
8:39PM | DEBUG | NM response: Success
8:39PM | DEBUG | NM request: NmRequestAccounts
8:39PM | DEBUG | NM response: Success
(... and the output from aws-cli follows)

    1Password for Mac 8.10.18 (81018040)
    aws-cli/2.13.17 Python/3.11.5 Darwin/22.6.0 source/arm64 prompt/off
    macOS 13.6 Apple Silicon

  • kerren
    kerren
    Community Member

    @jinux_go I'm glad it helped!

  • Liquidmantis
    Liquidmantis
    Community Member

    Thank you! I had this same issue using the Terraform plugin and this fixed it for me

    Adding the error for the search engines because it took me some experimenting to find this thread:
    [ERROR] 2023/12/06 14:17:22 could not run plugin Terraform CLI: failed to provision credentials, encountered error(s):
    source profile "default" does not exist in your AWS config file

  • kerren
    kerren
    Community Member

    @Liquidmantis I'm glad it helped! Thanks for adding additional context, I'm sure that'll help in future searches :)

This discussion has been closed.