OIDC and AWS - "no valid credential sources"

MrCrispy · September 12, 2023, 11:35am

Hi!

I’m exploring the use of Terraform cloud for our infra. I’m trying to do a very basic test case - just a few S3 buckets - and I’m getting an error every time I plan.

Workspace has been setup up in the UI with the TFC_AWS_PROVIDER_AUTH and TFC_AWS_RUN_ROLE_ARN set of the organisation. OIDC provider and an IAM role created in our sandbox account. terraform init completes successfully. terraform plan gives the following error:

│ Error: configuring Terraform AWS Provider: no valid credential sources for Terraform AWS Provider found.
│
│ Please see https://registry.terraform.io/providers/hashicorp/aws
│ for more information about providing credentials.
│
│ AWS Error: failed to refresh cached credentials, no EC2 IMDS role found, operation error ec2imds: GetMetadata, request canceled, context deadline exceeded
│
│
│   with provider["registry.terraform.io/hashicorp/aws"],
│   on main.tf line 11, in provider "aws":
│   11: provider "aws" {

terraform and provider blocks:

terraform {
  
  cloud {
    organization = "org_name"
    workspaces {
      name = "sb_euw1_s3"
    }
  }
}

provider "aws" {
    region = var.aws_region
}

The trust policy on the OIDC provider looks correct but the error makes me think it’s not even getting that far. I’m at a loss as to what is happening here. Any idea what I’m missing?

Thanks.

apparentlymart · September 12, 2023, 8:38pm

Hi @MrCrispy,

I suspect that debugging this will require knowing exactly how you’ve configured your workspace environment variables, and so this seems like a question better asked through HashiCorp Support, where you’ll be able to share more information without disclosing it publicly.

The support team can also, with your permission, refer directly to certain settings in your workspace to look for potential problems that folks in this forum might not think to ask about.

If you do choose to contact the support team and you find a solution that does not disclose any sensitive information about your account in particular, it would be helpful to share some details here in case others with a similar question find this topic in future. Thanks!

MrCrispy · September 18, 2023, 10:34am

SOLVED!

I got in touch with Hashicorp support who made several suggestions. In the end my problem was that I was using the wrong project name in the trust policy for the AWS role. Once this was fixed the plan ran successfully.

Topic		Replies	Views
Error: configuring Terraform AWS Provider: no valid credential sources for Terraform AWS Provider found AWS	7	10993	March 16, 2024
Failed to refresh cached credentials, no EC2 IMDS role found, operation error ec2imds AWS	2	8863	March 18, 2024
Error configuring Terraform AWS Provider: no valid credential sources for Terraform AWS Provider found AWS	13	38091	July 9, 2024
AWS backend: Error: No valid credential sources found Terraform Providers	2	24	November 22, 2024
Terraform plan fails - "error configuring Terraform AWS Provider: no valid credential sources for Terraform AWS Provider found." AWS	0	674	September 29, 2022

OIDC and AWS - "no valid credential sources"

Related topics