Error: configuring Terraform AWS Provider: no valid credential sources for Terraform AWS Provider found

13tgbn · March 24, 2023, 10:35pm

Here is the full error:
Please see Terraform Registry
│ for more information about providing credentials.
│
│ AWS Error: failed to refresh cached credentials, no EC2 IMDS role found, operation error ec2imds: GetMetadata, request canceled, context deadline exceeded
│
│
│ with provider[“registry.terraform.io/hashicorp/aws”],
│ on main.tf line 19, in provider “aws”:
│ 19: provider “aws” {

 backend "remote" {
 organization = "13xxxx"
 workspaces {
   name = "Example-Workspace"
   }
  }
   
 required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 4.16"
    }
  }

  required_version = ">= 1.2.0"
}

provider "aws" {
  region  = "us-west-2"
}

resource "aws_instance" "app_server" {
  ami           = "ami-08d70e59c07c61a3a"
  instance_type = "t2.micro"
}

macmiranda · March 25, 2023, 1:06pm

Seems like it could be related to Required Additional Configuration When Using IMDSv2 – HashiCorp Help Center

Care to add more information about how the EC2 instance was setup and if you can access the IMDSv2 service from it?

13tgbn · March 25, 2023, 8:05pm

I simply followed the 8 video AWS tutorial on Terrafon at the Terraform site, and this failure occurred on the 8th video where we are shown how to migrate the local files to Terraform Cloud. The code I pasted here came directly from the instructions provided by Terraform. I hope this helps.

macmiranda · March 25, 2023, 8:42pm

I failed to notice this sentence before. Check out Authentication and Configuration of the Terraform Provider

macmiranda · March 25, 2023, 8:53pm

If you’re referring to this video, at 03:50, you can see how the access key id and secret are configured.

Store Remote State | Terraform | HashiCorp Developer

ismailyenigul · October 16, 2023, 3:54pm

I had the same problem.
I created variable set for AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY
but it seems it is not enough. I was getting

Warning: Value for undeclared variable
The root module does not declare a variable named "AWS_ACCESS_KEY_ID" but a value was found in file "/home/tfc-agent/.tfc-agent/component/terraform/runs/run-mdoPMhwPa6ePGrGS/terraform.tfvars". If you meant to use this value, add a "variable" block to the configuration.

To silence these warnings, use TF_VAR_... environment variables to provide certain "global" settings to all configurations in your organization. To reduce the verbosity of these warnings, use the -compact-warnings option.

Warning: Value for undeclared variable
The root module does not declare a variable named "AWS_SECRET_ACCESS_KEY" but a value was found in file "/home/tfc-agent/.tfc-agent/component/terraform/runs/run-mdoPMhwPa6ePGrGS/terraform.tfvars". If you meant to use this value, add a "variable" block to the configuration.

To silence these warnings, use TF_VAR_... environment variables to provide certain "global" settings to all configurations in your organization. To reduce the verbosity of these warnings, use the -compact-warnings option.

Error: configuring Terraform AWS Provider: no valid credential sources for Terraform AWS Provider found. Please see https://registry.terraform.io/providers/hashicorp/aws for more information about providing credentials. AWS Error: failed to refresh cached credentials, no EC2 IMDS role found, operation error ec2imds: GetMetadata, request canceled, context deadline exceeded
with provider["registry.terraform.io/hashicorp/aws"]
on main.tf line 18, in provider "aws":
provider "aws" {

my provider config was

provider "aws" {
  region = var.region
  assume_role {
    role_arn = var.assume_role_arn
  }
}

but I had no
AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY terraform variables in my terraform codes.

to fix it added

variable "AWS_SECRET_ACCESS_KEY" {
  default = ""
}

variable "AWS_ACCESS_KEY_ID" {
  default = ""
}

and updated provider section like the following?

provider "aws" {
  region = var.region
  assume_role {
    role_arn = var.assume_role_arn
  }
  access_key = var.AWS_ACCESS_KEY_ID
  secret_key = var.AWS_SECRET_ACCESS_KEY
}

Do I really set access_key and secret_key in provider and variables to make it work Terraform cloud?
I read terraform official docs but none of them mention about defining key in terraform provider. and GitHub - hashicorp/learn-terraform-cloud does not have access_key and secret_key in provider

ismailyenigul · October 16, 2023, 5:31pm

I found the problem myself.
There are two different types of variables on variable set.
Terraform variable and Environment variable. and it is Terraform variable by default.
Ensure that you choose environment variable for AWS keys

after setting AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY as environment variable, I could run my plan without providing access key in provider aws

tunyoka · March 16, 2024, 9:56pm

Legend! Solution saved me a lot of time!

Topic		Replies	Views
Failed to refresh cached credentials, no EC2 IMDS role found, operation error ec2imds AWS	2	11445	March 18, 2024
Error configuring Terraform AWS Provider: no valid credential sources for Terraform AWS Provider found AWS	14	39568	January 15, 2025
OIDC and AWS - "no valid credential sources" HCP Terraform hcp-terraform	3	1198	December 20, 2024
Error: configuring Terraform AWS Provider: no valid credential sources for Terraform AWS Provider found.(setup was working fine) AWS	1	1169	August 14, 2023
How to configure terraform AWS provider when the credentials are save in 1password Vault vault	1	368	April 17, 2023

Error: configuring Terraform AWS Provider: no valid credential sources for Terraform AWS Provider found

Related topics