From 45c9a10d0f775564f3a66f2abf21ccfb5ea0de14 Mon Sep 17 00:00:00 2001 From: clint shryock Date: Wed, 27 Jan 2016 16:30:03 -0600 Subject: [PATCH] provider/aws: Provide a better message if no AWS creds are found --- builtin/providers/aws/config.go | 8 +++++++- .../docs/providers/aws/index.html.markdown | 17 +++++++++++++++++ 2 files changed, 24 insertions(+), 1 deletion(-) diff --git a/builtin/providers/aws/config.go b/builtin/providers/aws/config.go index 1c9ab296d..51f3dfd03 100644 --- a/builtin/providers/aws/config.go +++ b/builtin/providers/aws/config.go @@ -120,7 +120,13 @@ func (c *Config) Client() (interface{}, error) { // error, and we can present it nicely to the user _, err = creds.Get() if err != nil { - errs = append(errs, fmt.Errorf("Error loading credentials for AWS Provider: %s", err)) + if awsErr, ok := err.(awserr.Error); ok && awsErr.Code() == "NoCredentialProviders" { + errs = append(errs, fmt.Errorf(`No valid credential sources found for AWS Provider. + Please see https://terraform.io/docs/providers/aws/index.html for more information on + providing credentials for the AWS Provider`)) + } else { + errs = append(errs, fmt.Errorf("Error loading credentials for AWS Provider: %s", err)) + } return nil, &multierror.Error{Errors: errs} } awsConfig := &aws.Config{ diff --git a/website/source/docs/providers/aws/index.html.markdown b/website/source/docs/providers/aws/index.html.markdown index e110e9f7c..3e70028c0 100644 --- a/website/source/docs/providers/aws/index.html.markdown +++ b/website/source/docs/providers/aws/index.html.markdown @@ -30,6 +30,23 @@ resource "aws_instance" "web" { } ``` +## Authentication + +The AWS provider offers flexible means of providing credentials for +authentication. Included is support including hard coded credentials, +environment variables, and shared credential files, in that order of precedence. + +Terraform will first attempt to use an `access_key` and `secret_key` provided in +the `provider` block (shown in the example above). If those are omitted, it will +attempt to discover those values by referencing the `AWS_ACCESS_KEY_ID` and +`AWS_SECRET_ACCESS_KEY` environment variables. Lastly, if those are not found +it will look for credentials in the default location for a credentials file, or +the file path specified in the `shared_credentials_file` attribute of the +`provider` block. + +See the argument reference below for information on which attributes to specify +to use a corresponding credential provider. + ## Argument Reference The following arguments are supported in the `provider` block: