AWS Credentials File not being read properly?

[Joe McCall]

According to the boto config docs, it seems as if the same ~/.aws/credentials file can be used with both boto and the AWS CLI. Unfortunately I'm not observing this behavior. Doing a little digging I think there might be a bug in boto's handling of the aws credentials file.

Version info:

2.20.1-2ubuntu2 - python2.7-boto
Python 2.7.6

Here's my test file, test_boto.py:

from boto import ec2

connection = ec2.connect_to_region('us-east-1')

print connection.get_all_instances()

And my credentials file, located in ~/.aws/credentials:

[default]
aws_access_key_id = <my access key id>
aws_secret_access_key = <my secret access key>

The credentials file works fine when I run the AWS CLI like so:

$ aws s3 ls
2013-11-05 20:52:45 my-bucket-1

2013-11-08 19:53:41 my-bucket-2

But when I run it on my test script I get the following:

$ python test_boto.py
Traceback (most recent call last):

  File "test_boto.py", line 2, in <module>

    connection = ec2.connect_to_region('us-east-1')

  File "/usr/lib/python2.7/dist-packages/boto/ec2/__init__.py", line 82, in connect_to_region

    return region.connect(**kw_params)

  File "/usr/lib/python2.7/dist-packages/boto/regioninfo.py", line 63, in connect

    return self.connection_cls(region=self, **kw_params)

  File "/usr/lib/python2.7/dist-packages/boto/ec2/connection.py", line 100, in __init__

    validate_certs=validate_certs)

  File "/usr/lib/python2.7/dist-packages/boto/connection.py", line 1043, in __init__

    validate_certs=validate_certs)

  File "/usr/lib/python2.7/dist-packages/boto/connection.py", line 559, in __init__

    host, config, self.provider, self._required_auth_capability())

  File "/usr/lib/python2.7/dist-packages/boto/auth.py", line 732, in get_auth_handler

    'Check your credentials' % (len(names), str(names)))

boto.exception.NoAuthHandlerFound: No handler was ready to authenticate. 1 handlers were checked. ['QuerySignatureV2AuthHandler'] Check your credentials

I did some digging into the source code, and it seems to be expecting the credentials file in the form of this (~/.aws/credentials):

aws_access_key_id = <my access key id>
aws_secret_access_key = <my secret access key>

Notice I removed the [default] line. Now the AWS CLI no longer works:

$ aws s3 ls

Traceback (most recent call last):

  File "/usr/local/bin/aws", line 23, in <module>

    sys.exit(main())

  File "/usr/local/bin/aws", line 19, in main

    return awscli.clidriver.main()

  File "/usr/local/lib/python2.7/dist-packages/awscli/clidriver.py", line 60, in main

    driver = create_clidriver()

  File "/usr/local/lib/python2.7/dist-packages/awscli/clidriver.py", line 68, in create_clidriver

    load_plugins(session.full_config.get('plugins', {}),

  File "/usr/local/lib/python2.7/dist-packages/botocore/session.py", line 386, in full_config

    cred_profiles = botocore.config.raw_config_parse(cred_file)

  File "/usr/local/lib/python2.7/dist-packages/botocore/config.py", line 132, in raw_config_parse

    raise botocore.exceptions.ConfigParseError(path=path)

botocore.exceptions.ConfigParseError: Unable to parse config file: /home/joe/.aws/credentials

but test_boto.py does:

$ python test_boto.py
[Reservation:r-12345678a, Reservation:r-12345678b]

The workaround, of course, is to specify the credentials in two places: one for the AWS CLI and again in a ~/.boto file (or environment variables). This appears to be a bug in config.py. I think it should be disregarding the [default] section and only reading in the relevant variables, since it's adding the [Credentials] section on its own.

This might belong in the boto-dev list, but I wanted to run it over here first to make sure I wasn't using it wrong.

Thanks in advance!

Joe

[Victor Trac]

I have ~/.aws/config with the '[default]' line and a symlink from ~/.aws/credentials -> ~/.aws/config. This works fine for both boto and the AWS CLI tools.

Victor

--
You received this message because you are subscribed to the Google Groups "boto-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to boto-users+...@googlegroups.com.
To post to this group, send email to boto-...@googlegroups.com.
Visit this group at http://groups.google.com/group/boto-users.
For more options, visit https://groups.google.com/d/optout.

[Adrian Klaver]

On 11/05/2014 09:35 AM, Joe McCall wrote:
> According to the boto config docs

> <http://boto.readthedocs.org/en/latest/boto_config_tut.html>, it seems

> as if the same ~/.aws/credentials file can be used with both boto and
> the AWS CLI. Unfortunately I'm not observing this behavior. Doing a
> little digging I think there might be a bug in boto's handling of the
> aws credentials file.
>

> |
>

> The workaround, of course, is to specify the credentials in two places:
> one for the AWS CLI and again in a ~/.boto file (or environment
> variables). This appears to be a bug in config.py

> <https://github.com/boto/boto/blob/develop/boto/pyami/config.py#L73>. I

> think it should be disregarding the [default] section and only reading
> in the relevant variables, since it's adding the [Credentials] section
> on its own.

Or just put them in the .boto file. Testing here shows either the script
or the CLI will run if the credentials are in the .boto file only.

>
> This might belong in the boto-dev list, but I wanted to run it over here
> first to make sure I wasn't using it wrong.
>
> Thanks in advance!
>
> Joe
>
>
>

--
Adrian Klaver
adrian...@aklaver.com

[Adrian Klaver]

On 11/05/2014 09:35 AM, Joe McCall wrote:

>

> This might belong in the boto-dev list, but I wanted to run it over here
> first to make sure I wasn't using it wrong.

Meant to add to previous post.

Probably best just to file an issue:

https://github.com/boto/boto/issues

[Richard Vella]

I had the same issue. I was able to resolve it by removing extra whitespaces from the ~/.aws/credentials file.

[Sreedath Namangalam]

I had this problem some days back. Updating the boto package solved the problem for me. Is your boto package updated?