Github Action: Configure-aws-credentials: Could not load credentials from any providers

Question

Trying to use configure-aws-credentials in a Github actions template and getting an error:

Error: Credentials could not be loaded, please check your action inputs: Could not load credentials from any providers

This error has been discussed in several different forms.

I have the strange behaviour that this workflow is not working in one repo, but works fine in another. This repos have exactly the same secrets and the workflow code is the same. The only difference is in how I made the two repos: One is a clone of a specific branch, the other is a freshly made example.

I cant exactly post this as a bug as I cant reproduce the failure in repo I can share, but I fail to see how the two repos can be different in ways that impact using configure-aws-credentials?

Key workflow code in summary

name: 1 Initial 

permissions:
  id-token: write
  contents: read

jobs:
  create-s3-bucket:
    name: Create S3 Bucket
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v3
        
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v3
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: ${{ env.AWS_REGION }}
          mask-aws-account-id: "no"
    
      - name: Create S3 Bucket
        run: |
          aws s3api create-bucket --bucket ${{ env.S3_PATH }} --region ${{ env.AWS_REGION }}  --create-bucket-configuration LocationConstraint=${{ env.AWS_REGION }}

Answer 1

I (sort of) fixed it.

I never really found the core reason for this behaviour. However, I think it has something to do with how the Github repos are tied up to its secrets.

FYI my use case is having a template in one repo that I can use to setup new repos with same structure/code.

Reproduce the error by

1. Start a new repo with the above and it will work fine
2. Make a branch of main i.e. template
3. Make a new repo from the template branch

git clone -b new-project /path/to/repo /new/repo/path

4. Change the remote add secrets etc

5. Using configure-aws-credentials@ will not work in the new repo

Solution / Alternative

Instead of basing the new repo on a branch from the template repo, I made the repo a template repo. Creating any new repo from this and configure-aws-credentials@ in any version works fine.

Answer 2

Was running this step with some previously set env vars that were breaking the action:

    Run aws-actions/configure-aws-credentials@v3
      with:
        role-to-assume: arn:aws:iam::xxxxxxxxxxxx:role/github-actions
        aws-region: eu-central-1
        audience: sts.amazonaws.com
      env:
        AWS_PROFILE: prod
        AWS_REGION: eu-central-1

After removing the env vars and passing all the necessary values on with, it started working.

    jobs:
      authenticate:
        name: auth
        runs-on: ubuntu-latest
        permissions:
          id-token: write
          contents: read
        env:
          # AWS_PROFILE: prod
          # AWS_REGION: eu-central-1
        steps:
          - name: Configure AWS Credentials
            uses: aws-actions/configure-aws-credentials@v4     
            with:
              role-to-assume: arn:aws:iam::xxxxxxxxxxxx:role/github-actions
              aws-region: eu-central-1

Upon further inspection, it is the AWS_PROFILE env vars that breaks the action., not AWS_REGION.

Answer 3

add

permissions: id-token: write # This is required for requesting the JWT contents: read

#before starting job#

name: Stage Deployment on: workflow_dispatch:

env: AWS_REGION: ap-south-1
ECR_REPOSITORY: service
permissions: id-token: write # This is required for requesting the JWT contents: read
jobs: deploy: name: Deploy runs-on: ubuntu-latest environment: staging

steps:
- name: Checkout
  uses: actions/checkout@v3

- name: Set up JDK
  uses: actions/setup-java@v3
  with:
    distribution: 'temurin' # See 'Supported distributions' for available options
    java-version: '17'

- name: Build with Maven
  run: mvn clean install

it is formatted properly by stackoverflow, hopefully u get the context