
Commit 8dab805

authored
Merge pull request #1557 from snyk/fix/better_aws_err_message
fix: Better error messages for AWS auth
2 parents 66520e6 + 6b13f90 commit 8dab805

1 file changed

+19
-3
lines changed

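--- a/pkg/remote/aws/provider.go
+++ b/pkg/remote/aws/provider.go
@@ -3,7 +3,9 @@ package aws
 import (
 "github.com/aws/aws-sdk-go/aws/credentials"
 "github.com/aws/aws-sdk-go/aws/session"
+"github.com/aws/aws-sdk-go/service/sts"
 "github.com/pkg/errors"
+"github.com/sirupsen/logrus"
 "github.com/snyk/driftctl/pkg/output"
 "github.com/snyk/driftctl/pkg/remote/terraform"
 tf "github.com/snyk/driftctl/pkg/terraform"
@@ -30,10 +32,10 @@ type awsConfig struct {
 IgnoreTagsConfig map[string]string
 Insecure bool
 
-SkipCredsValidation bool
+SkipCredsValidation bool `cty:"skip_credentials_validation"`
 SkipGetEC2Platforms bool
 SkipRegionValidation bool
-SkipRequestingAccountId bool
+SkipRequestingAccountId bool `cty:"skip_requesting_account_id"`
 SkipMetadataApiCheck bool
 S3ForcePathStyle bool
 }
@@ -69,7 +71,12 @@ func NewAWSTerraformProvider(version string, progress output.Progress, configDir
 DefaultAlias: *p.session.Config.Region,
 GetProviderConfig: func(alias string) interface{} {
 return awsConfig{
-Region: alias,
+Region: alias,
+// Those two parameters are used to make sure that the credentials are not validated when calling
+// Configure(). Credentials validation is now handled directly in driftctl
+SkipCredsValidation: true,
+SkipRequestingAccountId: true,
+
 MaxRetries: 10, // TODO make this configurable
 }
 },
@@ -99,5 +106,14 @@ func (p *AWSTerraformProvider) CheckCredentialsExist() error {
 if err != nil {
 return err
 }
+// This call is to make sure that the credentials are valid
+// A more complex logic exist in terraform provider, but it's probably not worth to implement it
+// https://github.com/hashicorp/terraform-provider-aws/blob/e3959651092864925045a6044961a73137095798/aws/auth_helpers.go#L111
+_, err = sts.New(p.session).GetCallerIdentity(&sts.GetCallerIdentityInput{})
+if err != nil {
+logrus.Debug(err)
+return errors.New("Could not authenticate successfully on AWS with the provided credentials.\n" +
+"Please refer to the AWS documentation: https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-configure.html\n")
+}
 return nil
 }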
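Review bot: In `CheckCredentialsExist`, every failure of `GetCallerIdentity` is reported as bad credentials and the real cause survives only in `logrus.Debug(err)`, so a timeout, an unreachable STS endpoint or an expired session token all look identical to the user unless debug logging is enabled. Consider keeping the cause in the returned error, for example `return errors.Wrap(err, "could not authenticate on AWS with the provided credentials")`, with the documentation link printed alongside it. The call's result is also discarded; logging the returned ARN at debug level would let an operator confirm which identity and account the scan is running as. Because the provider config in the third hunk now forces `SkipCredsValidation` and `SkipRequestingAccountId` to true, this appears to be the only credential check left and it exercises `p.session` only, so it is worth confirming that aliased provider configurations resolve the same credentials; the function starts above this hunk, so the earlier part of the check is not visible here.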
