Menu
On my amazon linux ec2 instance, I have the iam-role attached with proper permission, I ran the command $ sudo yum update .
After this I started getting the error Credential named assume-role-with-web-identity not found for command aws s3 ls.
But if I add sudo and run the command sudo aws s3 ls then it works fine.
Please help me to find the issue. Thanks in advance.
417
You can require users to set a source identity value when they assume a role. You do this by using the sts:SourceIdentity condition key in a role trust policy. That way, actions that are taken with the role are associated with that user. After the source identity is set, the value cannot be changed.
While signed into the portal, choose the AWS Accounts icon to expand the list of accounts. Choose the AWS account from which you want to retrieve access credentials. Then, next to the IAM role name (for example Administrator), choose Command line or programmatic access.
role_arn. Specifies the ARN of the role to assume. web_identity_token_file. Specifies the path to a file which contains an OAuth 2.0 access token or OpenID Connect ID token that is provided by the identity provider.
Downgraded the version of aws-cli and it got fixed. commands used:
$ curl https://s3.amazonaws.com/aws-cli/awscli-bundle-1.16.312.zip -o awscli-bundle.zip
$ unzip awscli-bundle.zip
$ sudo ./awscli-bundle/install -i /usr/local/aws -b /usr/bin/aws
You need to update botocore==1.12.201
pip install botocore==1.12.201
For detail refer here: https://github.com/aws/aws-cli/issues/4371#issuecomment-518792844
45
Looks like a known issue, take a look at https://github.com/aws/aws-cli/issues/4371
20
I had the same issue on macOS. Upgrading both botocore and awscli did the trick:
pip3 install --upgrade botocore awscli
To downgrade the ubuntu package, you can use:
$ apt-cache madison awscli
awscli | 1.18.69-1ubuntu0.18.04.1 | http://us.archive.ubuntu.com/ubuntu bionic-updates/universe amd64 Packages
awscli | 1.18.69-1ubuntu0.18.04.1 | http://us.archive.ubuntu.com/ubuntu bionic-updates/universe i386 Packages
awscli | 1.14.44-1ubuntu1 | http://us.archive.ubuntu.com/ubuntu bionic/universe amd64 Packages
awscli | 1.14.44-1ubuntu1 | http://us.archive.ubuntu.com/ubuntu bionic/universe i386 Packages
Then select the correct one and install using apt-get:
$ sudo apt-get install awscli=1.14.44-1ubuntu1 -V
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages will be DOWNGRADED:
awscli (1.18.69-1ubuntu0.18.04.1 => 1.14.44-1ubuntu1)
0 upgraded, 0 newly installed, 1 downgraded, 0 to remove and 0 not upgraded.
Need to get 482 kB of archives.
After this operation, 4,870 kB disk space will be freed.
Do you want to continue? [Y/n]
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
