Cannot use credentials in memory; only awscli credentials #2
Description
When access key and secret key are exported to the shell environment (as env vars), boto3 will use them first before looking for credentials submitted via the awscli and --profile <value>.
spotlib currently fails authentication to AWS if credentials are environment variables. A pre-run test module must be developed that performs an authentication test to find out if the environment contains valid credentials. If yes, use them, if no keys in the environment, spotlib must then utilise awscli credentials.
The following code could be utilised as a pre-run test and branch on the results, performing the run.
try:
client = boto3.client('sts')
client.get_caller_identity()
except Exception:
print('try --profile')
Credential hierarchy for spotlib matches boto3:
- use in memory credentials if found & valid
- else use awscli credentials