Confd ignores the role set on my aws config?


I'm currently trying to set up a confd POC using SSM as the provider for the keys. We currently have one account on AWS, which is the root account, and multiple roles to separate the environments.

Currently my AWS config looks like this:

[default]
region=eu-west-1
output=json
role_arn=arn:aws:iam::*:role/OrganizationAccountAccessRole

This works quite fine for me, given that the command

aws ssm get-parameters --names /eric

gives me back the key I created for this POC:

PARAMETERS  arn:aws:ssm:eu-west-1:*:parameter/eric * /eric  String  test    1

For confd, though, it does not:

confd -onetime -backend ssm --log-level debug

2019-04-07T18:25:08Z 3ce95f057568 confd[359]: DEBUG Processing key=/eric
2019-04-07T18:25:08Z 3ce95f057568 confd[359]: DEBUG Got the following map from store: map[]
2019-04-07T18:25:08Z 3ce95f057568 confd[359]: DEBUG Using source template /etc/confd/templates/myconfig.conf.tmpl
2019-04-07T18:25:08Z 3ce95f057568 confd[359]: DEBUG Compiling source template /etc/confd/templates/myconfig.conf.tmpl
2019-04-07T18:25:08Z 3ce95f057568 confd[359]: ERROR template: myconfig.conf.tmpl:2:17: executing "myconfig.conf.tmpl" at <getv "/eric">: error calling getv: key does not exist: /eric
2019-04-07T18:25:08Z 3ce95f057568 confd[359]: FATAL template: myconfig.conf.tmpl:2:17: executing "myconfig.conf.tmpl" at <getv "/eric">: error calling getv: key does not exist: /eric

I did one short test and created the key /eric in the root account instead of the role account. After doing that it worked as I expected, which makes me wonder: is there any hidden configuration for confd to make it "use" the role? Currently it seems like it does not take the role into consideration.

My confd template looks like this:

[template]
src = "myconfig.conf.tmpl"
dest = "/tmp/myconfig.conf"
keys = [
    "/eric"
]

And my confd config looks like this:

database_url = {{getv "/eric"}}

Can someone give me any direction regarding this specific problem?

There are 1 best solutions below

OK, I found the issue: my AWS config has been completely ignored. After looking at the currently open pull requests for this project I found this one:

https://github.com/kelseyhightower/confd/pull/736

The author mentions:

Existing session creation was ignoring AWS config options unless the env var AWS_SDK_LOAD_CONFIG was exported. The SharedConfigState option removes that need.

So yes, setting the var AWS_SDK_LOAD_CONFIG to true made this work. I assume that when this PR gets merged, this "workaround" will not be necessary.
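
A pre-flight check for the situation described in this thread, as an added example that is not part of the original answer or of confd: it warns when the selected profile sets role_arn but AWS_SDK_LOAD_CONFIG is not enabled, in which case requests run as the base identity and read a different account's parameters. The function names, the set of values treated as "true", and the account id in the sample config are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: pre-flight check for the failure mode in this question.
# A Go SDK v1 client such as confd skips ~/.aws/config, and with it role_arn,
# unless AWS_SDK_LOAD_CONFIG is set to a true value.

# profile_role_arn CONFIG_FILE PROFILE: print PROFILE's role_arn, if any.
profile_role_arn() {
    [ -r "$1" ] || return 0
    awk -v want="$2" '
        /^[ \t]*\[/ {                 # section header: [default] or [profile x]
            name = $0
            gsub(/^[ \t]*\[[ \t]*|[ \t]*\][ \t]*$/, "", name)
            sub(/^profile[ \t]+/, "", name)
            in_section = (name == want)
            next
        }
        in_section && /^[ \t]*role_arn[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, "")
            sub(/[ \t]+$/, "")
            print
            exit
        }
    ' "$1"
}

# Succeeds when AWS_SDK_LOAD_CONFIG holds a value treated as true here
# (assumed set of accepted spellings).
sdk_load_config_enabled() {
    case "${AWS_SDK_LOAD_CONFIG:-}" in
        1|t|T|true|TRUE|True) return 0 ;;
        *) return 1 ;;
    esac
}

# check_role_in_effect CONFIG_FILE [PROFILE]
# 0: no role configured, or it will be honoured. 1: role_arn would be ignored.
check_role_in_effect() {
    role=$(profile_role_arn "$1" "${2:-default}")
    [ -n "$role" ] || return 0
    sdk_load_config_enabled && return 0
    echo "warning: role_arn=$role is configured but AWS_SDK_LOAD_CONFIG is" >&2
    echo "not enabled; requests would run as the base identity" >&2
    return 1
}

# Constructed sample config (account id is a placeholder).
demo=$(mktemp)
printf '%s\n' '[default]' 'region=eu-west-1' \
    'role_arn=arn:aws:iam::111111111111:role/OrganizationAccountAccessRole' > "$demo"
check_role_in_effect "$demo" default || echo "fix: export AWS_SDK_LOAD_CONFIG=true"
rm -f "$demo"
```

Against a real setup, call `check_role_in_effect "${AWS_CONFIG_FILE:-$HOME/.aws/config}" "${AWS_PROFILE:-default}"` before starting confd.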