ruby AWS SDK using wrong credentials

Question

I'm having a slight issue with the AWS SDK.

I'm using the AWS SDK on an EC2 box to pull data I need about our services.

I'm passing it credentials via a secret and ID key however when it tries to pull the data I want it's using the IAM role that's assigned to the box rather then the credentials.

Thing is, this works perfectly fine in one of our environments but behaves differently in this one, what's going on?

Answer 1

The latest Ruby SDK checks credentials in the following order:

static_credentials -> env_credentials -> shared_credentials -> instance_profile_credentials

So if you are using static credentials you should be ok, but if you are exporting your key and secret as ENV vars ensure there are none already set using a different name.

The SDK looks for Env vars in this order:

AWS_ACCESS_KEY_ID -> AMAZON_ACCESS_KEY_ID -> AWS_ACCESS_KEY
AWS_SECRET_ACCESS_KEY -> AMAZON_SECRET_ACCESS_KEY -> AWS_SECRET_KEY
AWS_SESSION_TOKEN -> AMAZON_SESSION_TOKEN

Make sure you are exporting both AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY by doing something along the lines of:

export AWS_ACCESS_KEY_ID=ASIAXXXXXXXXXXXXXXXX
export AWS_SECRET_ACCESS_KEY=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

There has been multiple changes to the ordering and names of the keys over the years so if your environments are running different versions of the SDK it is unsurprising if you are having problems. If you can't update to the latest SDK perhaps try taking a look at the SDK source to see what order the version you are using evaluates in.