I'm using Terraform version 0.11.10 and I've setup the S3 backend and it works locally when I use AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY environment variables for authentication.
provider "aws" {
region = "eu-west-1"
}
terraform {
backend "s3" {
bucket = "terraform-state-xxxxx"
region = "eu-west-1"
key = "terraform/dev.tfstate"
dynamodb_table = "terraform-locks"
}
}
However when I try to run the exact same code in the hashicorp/terraform:0.11.10 Docker container on Codeship with the same environment variables it gives the following error:
Initializing the backend...
Error configuring the backend "s3": InvalidClientTokenId: The security token included in the request is invalid.
If I set skip_credentials_validation = "true" then I get the following:
InvalidAccessKeyId: The AWS Access Key Id you provided does not exist in our records.
Why is it not using the credentials from the environment variables?
There is no ~/.aws/credentials file or any other place it could be getting credentials from that I am aware of.
In my case, I had tried to set the ACCESS_KEY_ID and SECRET_ACCESS_KEY as environment variables, but it turned out that I had also a ~/.aws/credentials -file that was used instead, and the provisioning of my box had set default values there. It seems that ~/.aws/credentials file is used and environment variables are not.