Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Unable to authenticate via aws_iam method #191

Open
adoyleplm opened this issue Nov 26, 2018 · 3 comments
Open

Unable to authenticate via aws_iam method #191

adoyleplm opened this issue Nov 26, 2018 · 3 comments

Comments

@adoyleplm
Copy link

I am unable to authenticate via the aws_iam method, using a slightly altered example from this code's inline comments:

# VAULT_ADDR set in env

irb(main):008:0> vault_token = Vault.auth.aws_iam(role="my_role", credentials_provider=Aws::InstanceProfileCredentials.new, route="my_route")
Vault::MissingTokenError: Missing Vault token! I cannot make requests to Vault without a token. Please
set a Vault token in the client:

    Vault.token = "42d1dee5-eb6e-102c-8d23-cc3ba875da51"

or authenticate with Vault using the Vault CLI:

    $ vault auth ...

or set the environment variable $VAULT_TOKEN to the token value:

    $ export VAULT_TOKEN="..."

Please refer to the documentation for more examples.

	from /usr/local/share/ruby/gems/2.0/gems/vault-0.12.0/lib/vault/client.rb:381:in `error'
	from /usr/local/share/ruby/gems/2.0/gems/vault-0.12.0/lib/vault/client.rb:291:in `request'
	from /usr/local/share/ruby/gems/2.0/gems/vault-0.12.0/lib/vault/client.rb:197:in `post'
	from /usr/local/share/ruby/gems/2.0/gems/vault-0.12.0/lib/vault/api/auth.rb:242:in `aws_iam'
	from (irb):8
	from /usr/bin/irb:12:in `<main>'

I am able to authenticate manually via the Vault CLI with IAM authentication.

Using latest Amazon Linux AMI with default Ruby.

ami-023c8dbf8268fb3ca

Ruby and Gems:

ruby --version
ruby 2.0.0p648 (2015-12-16) [x86_64-linux]

aws-eventstream (1.0.1)
aws-partitions (1.116.0)
aws-sdk-core (3.39.0)
aws-sdk-ec2 (1.59.0)
aws-sigv4 (1.0.3)
vault (0.12.0)
@tduffield
Copy link

So I ran into this problem too. I solved it by passing in all the parameters:

Vault.auth.aws_iam("my_role", Aws::InstanceProfileCredentials.new, nil, "https://sts.amazonaws.com", "my_route")

@haritaK1089
Copy link

@tduffield I tried passing all parameters but still no luck. Getting the same error. Here is how I'm trying to call it

Vault.auth.aws_iam("my-role", Aws::InstanceProfileCredentials.new, nil, 'https://sts.amazonaws.com/', nil)

Any suggestions where I'm going wrong.

@RRcwhiting
Copy link

yeah the AWS::InstanceProfileCredentials.new says "unable to sign request without credential set"

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@tduffield @haritaK1089 @adoyleplm @RRcwhiting