Artifacts via S3 with standard AWS environment variables

367 views
Skip to first unread message

Chris Stevens

unread,
May 17, 2017, 8:56:00 AM5/17/17
to Nomad
I am running Nomad 0.5.6 on a developer VM that has the standard AWS environment variables set.

When I try to download artifacts from S3, I get the error:
failed to download artifact "s3::https://s3-us-west-2.amazonaws.com/{bucket}/path/to/file.tar.gz": NoCredentialProviders: no valid providers in chain

This is with the standard environment variables set:
AWS_ACCESS_KEY_ID
AWS_SECRET_ACCESS_KEY

When I create configure the aws credentials files (both /root/.aws/config and /root/.aws/credentials) with the "default" AWS profile configured, the download issue goes away.

The nomad artifact docs indicate that bucket authentication **may** be provided via the options object.

The go-getter docs for S3 state that "it will also read these from standard AWS environment variables if they're set."

Should the artifact download work with just the AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY set on the host running nomad?

Thanks!
Chris


Chris Stevens

unread,
May 17, 2017, 9:56:03 AM5/17/17
to Nomad
Another interesting data point:

If I remove the "s3::" prefix from the artifact source, it looks like the S3 getter detection isn't working:

Recent Events:
Time                   Type                      Description
05/17/17 13:50:40 UTC  Restarting                Task restarting in 18.24335564s
05/17/17 13:50:40 UTC  Failed Artifact Download  failed to download artifact "https://s3-us-west-2.amazonaws.com/{bucket}/path/to/file.tar.gz": bad response code: 403

This was from a scenario with the aws credentials files in place and was otherwise working.

Brian Lalor

unread,
May 17, 2017, 10:13:01 AM5/17/17
to Chris Stevens, Nomad
The great thing about standards is that there are so many to choose from. :-)  Try using AWS_ACCESS_KEY and AWS_SECRET_KEY; I believe that’s what Terraform expects.  This is really about how the Go AWS SDK gets configured.  I believe those variables are different depending on which SDK is used (Python, Go, etc.).

--
This mailing list is governed under the HashiCorp Community Guidelines - https://www.hashicorp.com/community-guidelines.html. Behavior in violation of those guidelines may result in your removal from this mailing list.
 
GitHub Issues: https://github.com/hashicorp/nomad/issues
IRC: #nomad-tool on Freenode
---
You received this message because you are subscribed to the Google Groups "Nomad" group.
To unsubscribe from this group and stop receiving emails from it, send an email to nomad-tool+...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/nomad-tool/d36c9b85-b64d-45c7-9958-720e526ca9bd%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

— 
Brian Lalor

signature.asc
Reply all
Reply to author
Forward
0 new messages