Cannot read from AWS instance IAM role for AWS provider (as of 5a15c02cbbea27d3f8345b5fe0f348a08a24fdb9)

[jszwedko]

It looks like the ability to read from an IAM instance role was lost for the AWS provider. This works fine in 0.6.1, but on the current HEAD of master I get:

Refreshing Terraform state prior to plan...

Error refreshing state: 1 error(s) occurred:

* 1 error(s) occurred:

* ValidationError: Must specify userName when calling with non-User credentials
        status code: 400, request id: [c3a9805f-30fe-11e5-b474-9f5062e1342d]

[jszwedko]

I think this may be related to #2730 cc/ @catsby

[catsby]

Hey @jszwedko so, are the creds you're using are IAM creds then?

[catsby]

Hey @jszwedko yeah, so I made an IAM user and tested to confirm. I added the right privileges and the error went away...

@phinze thoughts on what to do here? #2730 attempts to simply fail earlier in the process, not sure if I should just revert it or maybe trap a specific error here :/

[jszwedko]

@catsby aaah I see, so one fix would be to give the IAM role access to the IAM service.

[catsby]

aaah I see, so one fix would be to give the IAM role access to the IAM service.

@jszwedko can you confirm that worked for you?

[catsby]

Hey @jszwedko – #2959 should address this too

[jszwedko]

@catsby awesome, thank you. It turned out the IAM instance profile I was using already had permissions to hit the IAM service, but still errored. This issue persists in the now released 0.6.2.

[catsby]

yup, that's the then userName -> ValidationError thing when using a profile. Fixed in #2959 , thanks for following up!

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.