AWS CLI can't find credentials when run via Jamf due to root context #139
Description
Bug: AWS CLI can't find credentials when run via Jamf due to root context
Summary:
Hey Jamfers! Following the SOAR playbook for AWS I had a problem uploading to S3 with the error The config profile (aftermath) could not be found The upload to S3 failed with error code 255. It looks like the script assumes the AWS credentials are in /opt/.aws/ but when executed by Jamf (as root), the CLI actually looks in /var/root/.aws. As a result, the script fails to upload unless credentials are manually moved.
Steps to reproduce:
- Deploy the script via a Jamf policy.
- Use
jamf policy -eventto install AWS credentials to/opt/.awsor another user-space path. - Run the script and observe that the AWS CLI fails to find credentials.
Fix:
modified the script to explicitly copy the config and credentials from /opt/.aws to /var/root/.aws before calling the AWS CLI:
mkdir -p /var/root/.aws
cp /opt/.aws/config /var/root/.aws/config
cp /opt/.aws/credentials /var/root/.aws/credentials