Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Error: NoCredentialProviders: no valid providers in chain. Deprecated. │ For verbose messaging see aws.Config.CredentialsChainVerboseErrors │ #1

Open
OmkarEnjem opened this issue Feb 1, 2022 · 6 comments

Comments

@OmkarEnjem
Copy link

Hi Team,

i have used the learn-terraform-aws-control-tower-aft code and updated with all variables and credentials, but i am landing on the below error. Any solution for this, i didn't see "AWSControlTowerExecution" role in aws console.

PS D:\aws\learn-terraform-aws-control-tower-aft> terraform plan

│ Error: error configuring Terraform AWS Provider: IAM Role (arn:aws:iam::720276729955:role/service-role/AWSControlTowerExecution) cannot be assumed.│
│ There are a number of possible causes of this - the most common are:
│ * The credentials used in order to assume the role are invalid
│ * The credentials do not have appropriate permission to assume the role
│ * The role ARN is not valid

│ Error: NoCredentialProviders: no valid providers in chain. Deprecated.
│ For verbose messaging see aws.Config.CredentialsChainVerboseErrors


│ with module.aft.provider["registry.terraform.io/hashicorp/aws"].aft_management,
│ on .terraform\modules\aft\providers.tf line 12, in provider "aws":
│ 12: provider "aws" {



│ Error: error configuring Terraform AWS Provider: IAM Role (arn:aws:iam::720276729955:role/AWSControlTowerExecution) cannot be assumed.

│ There are a number of possible causes of this - the most common are:
│ * The credentials used in order to assume the role are invalid
│ * The credentials do not have appropriate permission to assume the role
│ * The role ARN is not valid

│ Error: NoCredentialProviders: no valid providers in chain. Deprecated.
│ For verbose messaging see aws.Config.CredentialsChainVerboseErrors


│ with module.aft.provider["registry.terraform.io/hashicorp/aws"].tf_backend_secondary_region,
│ on .terraform\modules\aft\providers.tf line 26, in provider "aws":
│ 26: provider "aws" {



│ Error: error configuring Terraform AWS Provider: IAM Role (arn:aws:iam::926801877456:role/AWSControlTowerExecution) cannot be assumed.

│ There are a number of possible causes of this - the most common are:
│ * The credentials used in order to assume the role are invalid
│ * The credentials do not have appropriate permission to assume the role
│ * The role ARN is not valid

│ Error: NoCredentialProviders: no valid providers in chain. Deprecated.
│ For verbose messaging see aws.Config.CredentialsChainVerboseErrors


│ with module.aft.provider["registry.terraform.io/hashicorp/aws"].audit,
│ on .terraform\modules\aft\providers.tf line 40, in provider "aws":
│ 40: provider "aws" {



│ Error: error configuring Terraform AWS Provider: IAM Role (arn:aws:iam::081061263646:role/AWSControlTowerExecution) cannot be assumed.

│ There are a number of possible causes of this - the most common are:
│ * The credentials used in order to assume the role are invalid
│ * The credentials do not have appropriate permission to assume the role
│ * The role ARN is not valid

│ Error: NoCredentialProviders: no valid providers in chain. Deprecated.
│ For verbose messaging see aws.Config.CredentialsChainVerboseErrors


│ with module.aft.provider["registry.terraform.io/hashicorp/aws"].log_archive,
│ on .terraform\modules\aft\providers.tf line 54, in provider "aws":
│ 54: provider "aws" {

Thanks,
Omkar

@carlossicilia
Copy link

Any update on this? We're also running into the same problem.

@DimitrijeManic
Copy link

The AWSControlTowerExecution role was never created in any of accounts, How do I go about creating them?

@pedro-emidio-dr
Copy link

in my case the error was in the region settings of the ct_home_region and tf_backend_secondary_region parameters

@CraigDoesCode
Copy link

in my case the error was in the region settings of the ct_home_region and tf_backend_secondary_region parameters

what was the solve for you with these?

@dianibar
Copy link

dianibar commented Sep 2, 2024

Check that you are login to AWS using the control manager account user and not the aft account user:

$ aws sts get-caller-identity
{
"UserId": "AAAA….",
"Account": "CONTROL TOWER MANAGEMENT ACCOUNT ID",
"Arn": "arn:aws:iam::ACCOUNT_ID:user/USER"
}
https://developer.hashicorp.com/terraform/tutorials/aws/aws-control-tower-aft

@CraigDoesCode
Copy link

I

in my case the error was in the region settings of the ct_home_region and tf_backend_secondary_region parameters

what was the solve for you with these?

Simply adding a tf_backend_secondary_region solved this problem for me

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

6 participants