aws-artifact-store-setup.sh breaks on us-east-1 and fails silently when jq or AWS CLI is missing

[adarshsingh7470]

Contact Details [Optional]

Available via GitHub comments on this issue

System Information

Not applicable :- bug is in infra/scripts/aws-artifact-store-setup.sh shell script
File: infra/scripts/aws-artifact-store-setup.sh
Branch: main

What happened?

Found 3 breaking bugs in infra/scripts/aws-artifact-store-setup.sh:

Bug 1 — Script crashes on us-east-1 due to invalid LocationConstraint

Current code (~line 58):

aws s3api create-bucket \
    --bucket "$PREFIX" \
    --region "$REGION" \
    --create-bucket-configuration LocationConstraint="$REGION"

Error produced:

An error occurred (InvalidLocationConstraint): 
The specified location-constraint is not valid

AWS us-east-1 is the default region and does NOT accept
LocationConstraint in the create-bucket call. This is
an AWS API requirement — passing LocationConstraint=us-east-1
throws an error and the entire script fails.

Fix:

if [ "$REGION" != "us-east-1" ]; then
    aws s3api create-bucket \
        --bucket "$PREFIX" \
        --region "$REGION" \
        --create-bucket-configuration LocationConstraint="$REGION"
else
    aws s3api create-bucket \
        --bucket "$PREFIX" \
        --region "$REGION"
fi

---

Bug 2 — Script fails silently if jq is not installed

Current code (~line 75):

AWS_CREDENTIALS=$(aws iam create-access-key --user-name "$PREFIX")
AWS_ACCESS_KEY_ID=$(echo "$AWS_CREDENTIALS" | jq -r .AccessKey.AccessKeyId)
AWS_SECRET_ACCESS_KEY=$(echo "$AWS_CREDENTIALS" | jq -r .AccessKey.SecretAccessKey)

If jq is not installed, both AWS_ACCESS_KEY_ID and
AWS_SECRET_ACCESS_KEY are silently set to empty strings.
The script continues running and registers a ZenML service
connector with empty credentials — which then fails at
runtime with a confusing auth error.

Fix — add dependency check at top of script:

if ! command -v jq &> /dev/null; then
    echo "Error: jq is required but not installed."
    echo "Install with: sudo apt-get install jq"
    exit 1
fi

---

Bug 3 — No check if AWS CLI is configured before running

Current code (~line 17):

ACCOUNT_ID=$(aws sts get-caller-identity --query Account --output text)

If AWS CLI is not installed or credentials are not configured,
this fails with a cryptic error and leaves partial resources
behind (the script has already set variables but not yet
triggered the trap properly).

Fix — add at top of script:

if ! command -v aws &> /dev/null; then
    echo "Error: AWS CLI is required but not installed."
    echo "Install guide: https://docs.aws.amazon.com/cli/latest/userguide/install-cliv2.html"
    exit 1
fi

if ! aws sts get-caller-identity &> /dev/null; then
    echo "Error: AWS credentials are not configured."
    echo "Run: aws configure"
    exit 1
fi

Reproduction steps

Bug 1 — us-east-1 crash:

REGION="us-east-1" ./aws-artifact-store-setup.sh

Script immediately fails with InvalidLocationConstraint error.

---

Bug 2 — jq missing:

# Uninstall jq temporarily
sudo apt-get remove jq

# Run script
./aws-artifact-store-setup.sh

# IAM user and access key are created in AWS
# but AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY are empty
# ZenML service connector registered with empty credentials

---

Bug 3 — AWS CLI missing:

# On a fresh machine without AWS CLI
./aws-artifact-store-setup.sh
# Fails with: command not found: aws

Relevant log output

## Relevant Log Output field:
`
### Bug 1:
An error occurred (InvalidLocationConstraint): 
The specified location-constraint is not valid

### Bug 2:
jq: command not found
jq: command not found
(script continues silently with empty credentials)

### Bug 3:
aws-artifact-store-setup.sh: line 17: aws: command not found
`

---

Code of Conduct

• I agree to follow this project's Code of Conduct