ProcessAWSCredentialIdentityResolver issue

[conservative-dude]

Describe the bug

I have AWS config file with profiles, each of them has credential_process set. I tried both ProcessAWSCredentialIdentityResolver and ProfileAWSCredentialIdentityResolver but I can't make it work.

If I run credential_process manually in terminal, I'm getting a proper json file

{
  "Version": 1,
  "SessionToken": "<REDACTED>",
  "AccessKeyId": "<REDACTED>",
  "SecretAccessKey": "<REDACTED>",
  "Expiration": "<REDACTED>"
}

Expected Behavior

I can use profiles with credential_process

Current Behavior

when I try to access S3, I get AwsCommonRuntimeKit.CommonRunTimeError.crtError(AwsCommonRuntimeKit.CRTError(code: 6159, message: "Valid credentials could not be sourced by the process provider", name: "AWS_AUTH_CREDENTIALS_PROVIDER_PROCESS_SOURCE_FAILURE")).

Reproduction Steps

            let identityResolver = try ProcessAWSCredentialIdentityResolver(profileName: "DEV")

            let config: S3Client.S3ClientConfiguration
            config = try await S3Client.S3ClientConfiguration(
                awsCredentialIdentityResolver: identityResolver,
                awsRetryMode: .standard,
                maxAttempts: 3,
                region: "us-west-2"
            )

            // Create an Amazon S3 client using the configuration created above.
            client = S3Client(config: config)

Possible Solution

No response

Additional Information/Context

No response

AWS SWIFT SDK version used

1.0.56

Compiler and Version used

XCode 16, Swift 6

Operating System and version

MacOS Sequoia

[jbelkins]

Have you tried using your configured process credential provider with AWS CLI?

$ aws sts get-caller-identity --profile DEV

where the DEV profile is configured per this guide:
https://docs.aws.amazon.com/sdkref/latest/guide/feature-process-credentials.html#feature-process-credentials-detail-path

Let us know if CLI works with your configuration.

[conservative-dude]

Hi, yes, of course I tried, it all works fine

…

On 4 Feb 2025 at 21:26 +0000, Josh Elkins ***@***.***>, wrote: Have you tried using your configured process credential provider with AWS CLI? $ aws sts get-caller-identity --profile DEV where the DEV profile is configured per this guide: https://docs.aws.amazon.com/sdkref/latest/guide/feature-process-credentials.html#feature-process-credentials-detail-path Let us know if CLI works with your configuration. — Reply to this email directly, view it on GitHub, or unsubscribe. You are receiving this because you authored the thread.Message ID: ***@***.***>

[sichanyoo]

@conservative-dude Could you copy-paste your credential_process line in the config here, redacted as needed?

[conservative-dude]

Sure, it is ``` [profile uat] credential_process = mytoolname -u myusername -a myaccountnumber -r myrolename region = us-west-2 ```

…

On 5 Feb 2025 at 17:22 +0000, Chan ***@***.***>, wrote: @conservative-dude Could you copy-paste your credential_process line in the config here, redacted as needed? — Reply to this email directly, view it on GitHub, or unsubscribe. You are receiving this because you were mentioned.Message ID: ***@***.***>

[sichanyoo]

Thanks for that.

Is it possible to use the path of mytoolname custom command in the config, similar to examples in both the official AWS CLI documentation and the official AWS SDK documentation where the path to the script is given instead of its name? Might be worth trying that.

I think what might be happening is that AWS CLI resolves the command successfully because AWS CLI uses same shell environment to invoke it, and as long as that command is in your PATH it finds it just fine. But Swift SDK might not be finding that command and just returning command not found error behind the scene (wrapped by that AwsCommonRuntimeKit error you saw) bc the way it resolves and runs the command is different to AWS CLI.