AWS Credential Fallback to EC2 Instance Profile

[Kellen275]

My Workflow

Using Helmfile (v0.167.1 and v1.3.2), I have the following AWS SecretsManager vals ref:

mysecret: ref+awssecrets://mysecret?profile=dev

I have 2 types of users

1. Uses helmfile on a non-EC2 instance. They have a configured ~/.aws/config with the dev profile.
2. Uses helmfile on an EC2 instance. They do not have ~/.aws/config,and instead rely on their instance's IAM role.

Problem

I recently upgraded from Helmfile v0.167.1 (vals v0.37.3) to v1.3.2 (vals v0.43.5). Suddenly my EC2-based users could no longer template/sync their helmfiles, since the dev profile isn't defined on their machines

panic: failed to get shared config profile, dev

With the older version, it appears that it would automatically fall back to the instance's ambient credentials if the specified profile could not be found. Is there a method to achieve this same behavior in newer versions?

One work around I'm aware of is that my EC2 users can define an empty dev profile by creating an ~/.aws/config with

[profile dev]

However, it would be nice to avoid requiring my users to change their local environments.

[Kellen275]

Some additional context: This behavior appears to have began with vals v0.42.1, which contains the upgrade to AWS SDK for Go v2 #757

Helmfile v1.1.6 is when vals was bumped up to v0.42.1 and I can confirm that Helmfile v1.1.4 works as v0.167.1 does.

[Kellen275]

TYSM @yxxhero ❤️

[Kellen275]

@yxxhero I got around to testing this now, but am seeing a similar error. Now it's panicking about a missing default profile with the otherwise same situation (ref+awssecrets://...?profile=dev)

panic: failed to get shared config profile, default

[yxxhero]

@Kellen275 got it. I will create new PR for this. could you help to test branch?

[Kellen275]

LGTM @yxxhero . Thanks again!