Support for Govcloud?

[anitiangodfrey]

Hello, I was wondering if this should work with an account in aws govcloud? I was able to run awsls fine in a commercial account but kept getting access denied errors in govcloud even though I have the correct permissions. I added full admin just to test and got the same error.

For example:

awsls aws_s3_bucket --regions us-gov-west-1                                                                                                                    

Error aws_s3_bucket: AccessDenied: Access Denied
	status code: 403, request id: V7YZ57524P0Z6AX0, host id: V+A8voeaY3a9bVH12OFrVE9y4nlyC+GsaSoqv8k85W7/K39n6jVoYfLJ0zz3aZ6vV9jHQ5PUhk4=

But running just aws s3 ls returns a list of my buckets fine.

Thanks for your help!

[jckuester]

Hi @anitiangodfrey,

are you using a profile as credentials to access AWS or any other mechanism? Maybe it will help when I merge #29, as this provides some yet unsupported authentication mechanisms, such as SSO.

[anitiangodfrey]

Hey @jckuester, I'm using a profile but with MFA. My profile only gives me access to run the sts command to get my temp session credentials then I export those temp credentials as environment variables. Would awsls use my profile over my environment variables?

For reference https://docs.aws.amazon.com/cli/latest/reference/sts/get-session-token.html

[jckuester]

Can you try if govcloud works for you with the new release v0.10.0?

Would awsls use my profile over my environment variables?

This could actually be the case. Not sure what the precedence for the AWS CLI is, when both credentials and a profile is set via environment variables (https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-envvars.html)?

[anitiangodfrey]

Looks like that was it. Having my AWS_PROFILE variable set along with the environment variables for my temporary credentials was causing my permission deny error. Unsetting AWS_PROFILE solved the issue, thanks for your help!

[gene1wood]

@jckuester This issue can be closed