You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
It appears that using the --profile argument breaks the --regions all mode.
custodian run --profile id_NNN --region all ... results in botocore.exceptions.NoRegionError: You must specify a region.
It works fine if I use a specific region or multiple regions, but all does not work. Alternatively, using the credentials associated with default (defined in .aws/credentials) instead of an alternate profile works as expected. For whatever it adds, this also fails if I export AWS_PROFILE=id_NNN beforehand as well instead of using the --profile custodian argument.
Without looking at the code, I'd guess this to be an issue with the config's default region not being picked up as expected when custodian initially gets the list of regions to iterate? The AWS CLI seems to pick it up, but maybe boto isn't respecting the region value from source_profile?
Traceback (most recent call last):
File "/home/sauer/venv/custodian/bin/custodian", line 8, in<module>sys.exit(main())
File "/home/sauer/venv/custodian/lib/python3.10/site-packages/c7n/cli.py", line 363, in main
command(config)
File "/home/sauer/venv/custodian/lib/python3.10/site-packages/c7n/commands.py", line 99, in _load_policies
policies += provider.initialize_policies(
File "/home/sauer/venv/custodian/lib/python3.10/site-packages/c7n/resources/aws.py", line 772, in initialize_policies
get_profile_session(options).client('ec2').describe_regions(
File "/home/sauer/venv/custodian/lib/python3.10/site-packages/boto3/session.py", line 299, in client
return self._session.create_client(
File "/home/sauer/venv/custodian/lib/python3.10/site-packages/botocore/session.py", line 997, in create_client
client = client_creator.create_client(
File "/home/sauer/venv/custodian/lib/python3.10/site-packages/botocore/client.py", line 161, in create_client
client_args = self._get_client_args(
File "/home/sauer/venv/custodian/lib/python3.10/site-packages/botocore/client.py", line 508, in _get_client_args
return args_creator.get_client_args(
File "/home/sauer/venv/custodian/lib/python3.10/site-packages/botocore/args.py", line 100, in get_client_args
final_args = self.compute_client_args(
File "/home/sauer/venv/custodian/lib/python3.10/site-packages/botocore/args.py", line 219, in compute_client_args
endpoint_config = self._compute_endpoint_config(
File "/home/sauer/venv/custodian/lib/python3.10/site-packages/botocore/args.py", line 369, in _compute_endpoint_config
return self._resolve_endpoint(**resolve_endpoint_kwargs)
File "/home/sauer/venv/custodian/lib/python3.10/site-packages/botocore/args.py", line 474, in _resolve_endpoint
return endpoint_bridge.resolve(
File "/home/sauer/venv/custodian/lib/python3.10/site-packages/botocore/client.py", line 613, in resolve
resolved = self.endpoint_resolver.construct_endpoint(
File "/home/sauer/venv/custodian/lib/python3.10/site-packages/botocore/regions.py", line 229, in construct_endpoint
result = self._endpoint_for_partition(
File "/home/sauer/venv/custodian/lib/python3.10/site-packages/botocore/regions.py", line 277, in _endpoint_for_partition
raise NoRegionError()
botocore.exceptions.NoRegionError: You must specify a region.
Extra information or context
No response
The text was updated successfully, but these errors were encountered:
Describe the bug
It appears that using the
--profile
argument breaks the--regions all
mode.custodian run --profile id_NNN --region all ...
results inbotocore.exceptions.NoRegionError: You must specify a region.
It works fine if I use a specific region or multiple regions, but
all
does not work. Alternatively, using the credentials associated withdefault
(defined in .aws/credentials) instead of an alternate profile works as expected. For whatever it adds, this also fails if Iexport AWS_PROFILE=id_NNN
beforehand as well instead of using the --profile custodian argument.Without looking at the code, I'd guess this to be an issue with the config's default region not being picked up as expected when custodian initially gets the list of regions to iterate? The AWS CLI seems to pick it up, but maybe boto isn't respecting the region value from source_profile?
My ~/.aws/config looks generally like this:
What did you expect to happen?
I expected the policy to run in all regions the account specified by the profile.
Cloud Provider
Amazon Web Services (AWS)
Cloud Custodian version and dependency information
Policy
Relevant log/traceback output
Extra information or context
No response
The text was updated successfully, but these errors were encountered: