AWS with MFA breaks if there's a credentials file #2064
Description
I'm trying to use Packer to make an Amazon EBS AMI. I have multi factor authentication set up for API access on my account. If I delete my ~/.aws/credentials file and add environment variables for AWS_ACCESS_KEY, AWS_SECRET_KEY, and AWS_SECURITY_TOKEN, then everything works. However, all of the following other ways fail (similar to #1544):
- If I don't have any of those environment variables and don't have any authentication information in my packer config file, but I have everything in my default profile in my ~/.aws/credentials file, then it does not work. I would expect Packer to read my security token from the credentials file, but it only reads the access key and secret key.
- If I specify the access key, secret key, and token in my packer config file, it doesn't work.
- If I specify the three environment variables but also have a default section in my ~/.aws/credentials file, it doesn't work.
This is a problem because the other services I use (eg, using the AWS CLI or using boto) rely on my ~/.aws/credentials file, which means that packer only works if I don't have a credentials file, and everything else is much more annoying without a credentials file.
It would be great if any of the following were true:
- I could tell Packer to ignore my ~/.aws/credentials file and use my environment variables
- I could tell Packer to ignore my ~/.aws/credentials file and use my packer config file
- Packer would read the session token from my ~/.aws/credentials file
I am using Packer 0.7.5. When running packer with PACKER_LOG=1, there wasn't any additional useful information.
If you are having trouble reproducing and need to set up an AWS account with session tokens for API access, let me know.