Closed
Labels: bug, needs-triage
Description
Describe the bug
The DefaultAWSCredentialIdentityResolverChain isn't resolving credentials from the AWS profile in the order described here.
Here's a sample to demonstrate the bug
// sample-1
import AWSSDKIdentity
import AWSSTS

func defaultCreds() async throws {
    let config = try await STSClient.STSClientConfiguration(region: "us-east-1")
    let client = STSClient(config: config)
    let identity = try await client.getCallerIdentity(input: GetCallerIdentityInput())
    print(identity)
}

try await defaultCreds()
Expected Behavior
Executing sample-1 with an AWS_PROFILE should successfully return the identity
$ AWS_PROFILE=my-profile-a swift run
Building for debugging...
[7/7] Applying aws-auth
Build of product 'aws-auth' complete! (3.40s)
GetCallerIdentityOutput(account: Optional("xxx"), arn: Optional("arn:aws:sts::xxx"), userId: Optional("xxx"))
Current Behavior
Executing sample-1 with an AWS_PROFILE fails currently
$ AWS_PROFILE=my-profile-a swift run
Building for debugging...
[7/7] Applying aws-auth
Build of product 'aws-auth' complete! (1.92s)
Swift/ErrorType.swift:253: Fatal error: Error raised at top level: AwsCommonRuntimeKit.CommonRunTimeError.crtError(AwsCommonRuntimeKit.CRTError(code: 6153, message: "Valid credentials could not be sourced by the IMDS provider", name: "AWS_AUTH_CREDENTIALS_PROVIDER_IMDS_SOURCE_FAILURE"))
Reproduction Steps
- Authenticating with the AWS CLI
$ aws sso login --profile=my-profile-a
Attempting to automatically open the SSO authorization page in your default browser.
If the browser does not open or you wish to use a different device to authorize this request, open the following URL:
https://oidc.us-east-1.amazonaws.com/...
Successfully logged into Start URL: https://xxx.awsapps.com/start/
- Verifying that the profile works
$ AWS_PROFILE=my-profile-a aws sts get-caller-identity
{
"UserId": "xxx",
"Account": "xxx",
"Arn": "arn:aws:sts::xxx"
}
- Executing sample-1 with an AWS_PROFILE
$ AWS_PROFILE=my-profile-a swift run
Building for debugging...
[7/7] Applying aws-auth
Build of product 'aws-auth' complete! (1.92s)
Swift/ErrorType.swift:253: Fatal error: Error raised at top level: AwsCommonRuntimeKit.CommonRunTimeError.crtError(AwsCommonRuntimeKit.CRTError(code: 6153, message: "Valid credentials could not be sourced by the IMDS provider", name: "AWS_AUTH_CREDENTIALS_PROVIDER_IMDS_SOURCE_FAILURE"))
Possible Solution
--
Additional Information/Context
Explicitly using SSOAWSCredentialIdentityResolver works as expected
// sample-2
import AWSSDKIdentity
import AWSSTS

func sso() async throws {
    let identityResolver = try SSOAWSCredentialIdentityResolver()
    let config = try await STSClient.STSClientConfiguration(awsCredentialIdentityResolver: identityResolver, region: "us-east-1")
    let client = STSClient(config: config)
    let identity = try await client.getCallerIdentity(input: GetCallerIdentityInput())
    print(identity)
}

try await sso()
$ AWS_PROFILE=my-profile-a swift run
Building for debugging...
[7/7] Applying aws-auth
Build of product 'aws-auth' complete! (3.40s)
GetCallerIdentityOutput(account: Optional("xxx"), arn: Optional("arn:aws:sts::xxx"), userId: Optional("xxx"))
AWS SWIFT SDK version used
1.0.70
Compiler and Version used
Xcode version: 16.2 (16C5032a); Swift compiler version: 6.0.3.1.10; Swift tools-version: 6.0.0
Operating System and version
macOS Sequoia 15.2