Kitchen converge results in "unable to locate credentials"

I was using test-kitchen to be able to download a file from s3 bucket and for some reason the bash resource block fails with the following error.But, the command perfectly works when running the aws command independently through the aws cli

2017-01-26T14:53:35-05:00] ERROR: bash[download_bucket] (test-abc::default line 10) had an error: Mixlib::ShellOut::ShellCommandFailed: Expected process to exit with [0], but received '1'
       ---- Begin output of "bash"  "/tmp/chef-script20170126-6920-utforf" ----
       STDERR: fatal error: Unable to locate credentials

bash block:

bash ‘download_bucket’ do
cwd Chef::Config[‘file_cache_path’]
code <<-EOH
aws s3 cp s3://test-abc/download-version/application-1 /tmp/kitchen/cache

I am passing an iam role to my kitchen.yml file and i do observe the IAM role attached to the instance that got created. I was also able to run the aws s3 cp command by logging into the instance using kitchen login and it works fine. It’s just fails while running kitchen converge. could any one elaborate on what could be the issue and how this can be resolved.


Where are your credentials stored and how are you telling this to the aws tool? If they’re in ~/.aws what’s probably happening is the aws tool is looking at the environment variable HOME to look in by default and it’s working when you’re sitting at a shell. However when using the bash resource, it is not a login shell, so you won’t have a HOME set.

You can set environment variables with the bash resource property environment. So you could pass a hard path to the config using AWS_CONFIG_FILE or set the credentials another way.

my credentials are stored in ~/.aws as i am using STS to generate tokens before convering chef-client using test kitchen.I have tried setting the envirornment variables with my bash resource having my proxy details and that seemed to work causing my chef-client successful. I observed in my kitchen.yml, the variable NO_PROXY=>, seems to be not applying but HTTP_PROXY and HTTPS_PROXY variables are getting applied. Is there a way we can make sure to configure NO_PROXY in my kitchen.yml so that chef client picks them up during chef-client.

thank you

http_proxy: <%= ENV[‘http_proxy’] %>
https_proxy: <%= ENV[‘https_proxy’] %>