Error: configuring Terraform AWS Provider: no valid credential sources for Terraform AWS Provider found

Here is the full error:
Please see Terraform Registry
│ for more information about providing credentials.

│ AWS Error: failed to refresh cached credentials, no EC2 IMDS role found, operation error ec2imds: GetMetadata, request canceled, context deadline exceeded


│ with provider["registry.terraform.io/hashicorp/aws"],
│ on main.tf line 19, in provider "aws":
│ 19: provider "aws" {

terraform {
  backend "remote" {
    organization = "13xxxx"
    workspaces {
      name = "Example-Workspace"
    }
  }

  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 4.16"
    }
  }

  required_version = ">= 1.2.0"
}

provider "aws" {
  region  = "us-west-2"
}

resource "aws_instance" "app_server" {
  ami           = "ami-08d70e59c07c61a3a"
  instance_type = "t2.micro"
}

Seems like it could be related to Required Additional Configuration When Using IMDSv2 – HashiCorp Help Center

Care to add more information about how the EC2 instance was set up and if you can access the IMDSv2 service from it?

I simply followed the 8-video AWS tutorial on Terraform at the Terraform site, and this failure occurred on the 8th video, where we are shown how to migrate the local files to Terraform Cloud. The code I pasted here came directly from the instructions provided by Terraform. I hope this helps.

I failed to notice this sentence before. Check out Authentication and Configuration of the Terraform Provider

If you’re referring to this video, at 03:50, you can see how the access key id and secret are configured.

Store Remote State | Terraform | HashiCorp Developer

I had the same problem.
I created a variable set for AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY,
but it seems that is not enough. I was getting:

Warning: Value for undeclared variable
The root module does not declare a variable named "AWS_ACCESS_KEY_ID" but a value was found in file "/home/tfc-agent/.tfc-agent/component/terraform/runs/run-mdoPMhwPa6ePGrGS/terraform.tfvars". If you meant to use this value, add a "variable" block to the configuration.

To silence these warnings, use TF_VAR_... environment variables to provide certain "global" settings to all configurations in your organization. To reduce the verbosity of these warnings, use the -compact-warnings option.

Warning: Value for undeclared variable
The root module does not declare a variable named "AWS_SECRET_ACCESS_KEY" but a value was found in file "/home/tfc-agent/.tfc-agent/component/terraform/runs/run-mdoPMhwPa6ePGrGS/terraform.tfvars". If you meant to use this value, add a "variable" block to the configuration.

To silence these warnings, use TF_VAR_... environment variables to provide certain "global" settings to all configurations in your organization. To reduce the verbosity of these warnings, use the -compact-warnings option.

Error: configuring Terraform AWS Provider: no valid credential sources for Terraform AWS Provider found. Please see https://registry.terraform.io/providers/hashicorp/aws for more information about providing credentials. AWS Error: failed to refresh cached credentials, no EC2 IMDS role found, operation error ec2imds: GetMetadata, request canceled, context deadline exceeded
with provider["registry.terraform.io/hashicorp/aws"]
on main.tf line 18, in provider "aws":
provider "aws" {

My provider config was:

provider "aws" {
  region = var.region
  assume_role {
    role_arn = var.assume_role_arn
  }
}

But I had no AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY Terraform variables in my Terraform code.

To fix it, I added:

variable "AWS_SECRET_ACCESS_KEY" {
  default = ""
}

variable "AWS_ACCESS_KEY_ID" {
  default = ""
}

and updated the provider section like the following:

provider "aws" {
  region = var.region
  assume_role {
    role_arn = var.assume_role_arn
  }
  access_key = var.AWS_ACCESS_KEY_ID
  secret_key = var.AWS_SECRET_ACCESS_KEY
}

Do I really need to set access_key and secret_key in the provider and variables to make it work in Terraform Cloud?
I read the official Terraform docs, but none of them mention defining keys in the Terraform provider, and GitHub - hashicorp/learn-terraform-cloud does not have access_key and secret_key in the provider.

I found the problem myself.
There are two different types of variables in a variable set:
Terraform variable and Environment variable. The default is Terraform variable.
Ensure that you choose Environment variable for the AWS keys.

After setting AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY as environment variables, I could run my plan without providing the access key in provider "aws".


Legend! Solution saved me a lot of time!
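The fix described in this thread (AWS keys stored as environment variables rather than Terraform variables) can also be declared in code with the `hashicorp/tfe` provider. This is an added example, not code from the thread or from HashiCorp's tutorial; the variable set name, the two input variable names, and a `tfe` provider already authenticated with an API token are assumptions, while the organization and workspace names are the ones from the first post.

```hcl
terraform {
  required_providers {
    tfe = { source = "hashicorp/tfe" }
  }
}

# Assumed inputs: supply these out of band, never as literals in the repo.
variable "aws_access_key_id" {
  type      = string
  sensitive = true
}

variable "aws_secret_access_key" {
  type      = string
  sensitive = true
}

data "tfe_workspace" "example" {
  name         = "Example-Workspace"
  organization = "13xxxx"
}

resource "tfe_variable_set" "aws_credentials" {
  name         = "aws-credentials" # assumed name
  organization = "13xxxx"
}

# category = "env" puts the value in the run's environment, where the AWS
# provider looks for it. category = "terraform" writes it to terraform.tfvars
# instead, which gives the "undeclared variable" warning and the IMDS error.
resource "tfe_variable" "access_key_id" {
  key             = "AWS_ACCESS_KEY_ID"
  value           = var.aws_access_key_id
  category        = "env"
  sensitive       = true
  variable_set_id = tfe_variable_set.aws_credentials.id
}

resource "tfe_variable" "secret_access_key" {
  key             = "AWS_SECRET_ACCESS_KEY"
  value           = var.aws_secret_access_key
  category        = "env"
  sensitive       = true
  variable_set_id = tfe_variable_set.aws_credentials.id
}

resource "tfe_workspace_variable_set" "attach" {
  variable_set_id = tfe_variable_set.aws_credentials.id
  workspace_id    = data.tfe_workspace.example.id
}
```

With the keys in the run environment, the `provider "aws"` block needs no `access_key` or `secret_key` arguments. The key values are still recorded in the state of whichever configuration manages the variable set, so that state needs the same access restrictions as the keys themselves.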