
So I'm trying to list the customer gateways in an account using AWS CLI. The problem is that I can only get it to work with credentials from a profile, not from environment variables.

I know I must be missing something simple here, but I can't for the life of me see what.

If I use a profile defined in ~/.aws/credentials, everything works fine:

    $ aws sts get-caller-identity --profile devops-preprod-deploy
    {
        "UserId": "AROAT6IOCTARVOTPZB4CD:botocore-session-1576056489",
        "Account": "123149340123",
        "Arn": "arn:aws:sts::123149340123:assumed-role/pdapreprod-deployment-role/botocore-session-1576056489"
    }

    $ aws ec2 describe-customer-gateways --profile devops-preprod-deploy
    {
        "CustomerGateways": [
            {
                "BgpAsn": "65000",
                "CustomerGatewayId": "cgw-0123851d01236295b",
                "IpAddress": "123.58.165.123",
                "State": "available",
                "Type": "ipsec.1",
                "Tags": [
                    {
                        "Key": "Name",
                        "Value": "Office"
                    }
                ]
            }
        ]
    }

If I use assume role and put the temporary credentials in the environment, it doesn't work:

    $ export AWS_ACCESS_KEY_ID="ASIBT6IOCTNRTS..."
    $ export AWS_SECRET_ACCESS_KEY="rNFhltabK9Rfk69xj/2..."
    $ export AWS_SESSION_TOKEN="FwoGZXIvYXdzELT///////..."
    $ aws sts get-caller-identity
    {
        "UserId": "AROAT6IOCTARVOTPZB4CD:pdapreprod-deployment-role",
        "Account": "123149340123",
        "Arn": "arn:aws:sts::123149340123:assumed-role/pdapreprod-deployment-role/myname"
    }

    $ aws ec2 describe-customer-gateways
    {
        "CustomerGateways": []
    }

What am I doing wrong?

mhvelplund
    Try putting an explicit region in the command line, e.g. `aws ec2 describe-customer-gateways --region us-east-1`. Replace the region with the one you expect the customer gateways to be located in. – kenlukas Dec 11 '19 at 16:13

1 Answer


Quite likely you are querying the wrong region. There are a couple of ways to set it:

  1. As an aws-cli parameter:

    aws --region us-east-1 ec2 describe-customer-gateways
    
  2. Environment variable:

    export AWS_DEFAULT_REGION=us-east-1
    aws ec2 describe-customer-gateways
    
  3. In ~/.aws/config:

    [default]
    region=us-east-1
    

Hope that helps :)

MLu
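The sketch below is an added example, not code from the question, the answer or the AWS CLI itself: a simplified model of the three region sources listed in the answer, showing how the same role can query two different regions depending on whether `--profile` is used. The function names and the two region values in the sample config are assumptions made for illustration; the `AWS_REGION` variable and the credentials file are not modelled.

```shell
# Added example: simplified model of AWS CLI region selection (not the CLI's own code).

# Write a constructed ~/.aws/config-style file and print its path.
# The two region values are made up; the page does not say which regions were involved.
make_sample_config() {
    f=$(mktemp) || return 1
    cat > "$f" <<'EOF'
[default]
region = us-east-1

[profile devops-preprod-deploy]
region = eu-west-1
EOF
    echo "$f"
}

# region_from_config FILE PROFILE: print the "region" set in that profile's section.
region_from_config() {
    # The default profile is "[default]"; every other one is "[profile NAME]".
    if [ "$2" = default ]; then want='[default]'; else want="[profile $2]"; fi
    awk -v want="$want" '
        /^[ \t]*\[/ { gsub(/^[ \t]+|[ \t]+$/, ""); in_sec = ($0 == want); next }
        in_sec && /^[ \t]*region[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, ""); print; exit
        }' "$1"
}

# effective_region CLI_REGION CLI_PROFILE CONFIG_FILE
# Precedence modelled: --region, then AWS_DEFAULT_REGION, then the profile's region.
effective_region() {
    profile=${2:-${AWS_PROFILE:-default}}
    if [ -n "$1" ]; then
        echo "$1 via --region"
    elif [ -n "${AWS_DEFAULT_REGION:-}" ]; then
        echo "$AWS_DEFAULT_REGION via AWS_DEFAULT_REGION"
    else
        r=$(region_from_config "$3" "$profile")
        echo "${r:-none} via profile $profile"
    fi
}

# Demo: the two invocations from the question, run with region variables unset.
(
    unset AWS_DEFAULT_REGION AWS_PROFILE
    cfg=$(make_sample_config)
    echo "--profile devops-preprod-deploy -> $(effective_region '' devops-preprod-deploy "$cfg")"
    echo "environment credentials only    -> $(effective_region '' '' "$cfg")"
    rm -f "$cfg"
)
```

On a real system, `aws configure list` prints the region currently in effect and where it was taken from.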