Merge pull request #3001 from sarguru/iam_profile_validation

Fail silently when account validation fails while from instance profile
2015-09-08 13:29:09 -05:00 · 2015-09-08 13:29:09 -05:00 · 8559b02099
parent 1b59d874fb 9abd74819e
commit 8559b02099
1 changed files with 11 additions and 1 deletions
--- a/builtin/providers/aws/config.go
+++ b/builtin/providers/aws/config.go
@ -213,8 +213,18 @@ func (c *Config) ValidateAccountId(iamconn *iam.IAM) error {
 	log.Printf("[INFO] Validating account ID")

 	out, err := iamconn.GetUser(nil)
+
 	if err != nil {
-		return fmt.Errorf("Failed getting account ID from IAM: %s", err)
+		awsErr, _ := err.(awserr.Error)
+		if awsErr.Code() == "ValidationError" {
+			log.Printf("[WARN] ValidationError with iam.GetUser, assuming its an IAM profile")
+			// User may be an IAM instance profile, so fail silently.
+			// If it is an IAM instance profile
+			// validating account might be superfluous
+		} else {
+			return fmt.Errorf("Failed getting account ID from IAM: %s", err)
+			// return error if the account id is explicitly not authorised
+		}
 	}

 	account_id := strings.Split(*out.User.Arn, ":")[4]