Why can't ec2-consistent-snapshot find my AWS cert/keys?

Solution 1:

I see what the confusion is. It's very common on AWS and I didn't even notice the first time I read your description. You're passing the wrong credential objects in the command line options.

The ec2-consistent-snapshot program needs the "Access Key ID" and "Secret Access Key". These are completely different values from the "Certificate" and "Private Key", even though they are used to accomplish the same purpose.

Here's an article I wrote which tries to explain many of the different credentials and where to find them:

Understanding Access Credentials for AWS/EC2
http://alestic.com/2009/11/ec2-credentials

Solution 2:

I am the author/maintainer of ec2-consistent-snapshot (with thanks to other contributors of patches) and will be the first to admit that it tries too hard to find your AWS credentials by searching in too many places. Unfortunately, there is little consistency in where Amazon tools and other third-party tools tell you to put your credentials. My goal was to avoid adding to this problem, so I figured it would be good to look in several of the most common places and use the first credentials found.

This works well for most scenarios, but it can cause problems if you have multiple, different AWS credentials stored in your file system, environment variables, and environment variables pointing to the file system.

The software makes a couple of poor choices about prioritizing which values should override other values. For example, it looks like you are specifying --aws-access-key-id-file on the command line, but this will be overridden by the environment variable $AWS_ACCESS_KEY_ID if it is set. Command line options should override environment or file system settings, but in this case it's getting confused because it's a specific value specified in the environment vs. a file path specified in the command line, and it chooses specific values over values stored in a file somewhere.

Turn on the --debug command line option and look for debug output with information like:

ec2-consistent-snapshot: Using AWS access key: ...

If this is the right access key id, then you might want to edit the program and add in a debug line directly afterwards that outputs the secret access key. If it is not the right access key id, then you'll want to look through the different places where the software looks for AWS credentials (see the manpage) and find where it is getting that information.

Note: In your debug line, I don't think the credentials are actually getting truncated in the software. I believe that is just the debugger saying that the actual values passed were longer than it cares to show.
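
A diagnostic for the two problems described in the answers above, as an added example that is not from the original answers or from ec2-consistent-snapshot itself: it checks whether a credential file holds a PEM Certificate/Private Key instead of an Access Key ID, and reports when $AWS_ACCESS_KEY_ID would override the file passed to --aws-access-key-id-file. The function names, the one-value-on-the-first-line file layout, and the key ID format heuristic are assumptions.

```shell
#!/bin/sh
# Added diagnostic sketch; not part of ec2-consistent-snapshot.
# Assumption: the file passed to --aws-access-key-id-file holds the
# Access Key ID on its first line.
LC_ALL=C; export LC_ALL

# First line of a file, or empty if the file is unreadable.
first_line() (
  line=""
  [ -r "$1" ] && { IFS= read -r line < "$1" || true; }
  printf '%s\n' "$line"
)

# Classify a credential file: "pem" for a Certificate or Private Key,
# "access-key-id" for a plausible key ID (heuristic), else "unknown".
classify_credential_file() (
  line=$(first_line "$1")
  case "$line" in
    "-----BEGIN "*) echo pem ;;
    ""|*[!A-Z0-9]*) echo unknown ;;
    *) if [ "${#line}" -ge 16 ]; then echo access-key-id; else echo unknown; fi ;;
  esac
)

# Show only the first four characters so logs never hold a full key ID.
mask() ( printf '%.4s...\n' "$1" )

# Which source wins under the precedence described in Solution 2: a value
# in $AWS_ACCESS_KEY_ID beats the file named on the command line.
effective_key_source() (
  file_id=$(first_line "$1")
  if [ -z "${AWS_ACCESS_KEY_ID:-}" ]; then
    echo file
  elif [ "$AWS_ACCESS_KEY_ID" = "$file_id" ]; then
    echo env-matches-file
  else
    echo env-overrides-file
  fi
)

# Print a short report for the key ID file given as the first argument.
report() (
  printf 'file type: %s\n' "$(classify_credential_file "$1")"
  printf 'source:    %s\n' "$(effective_key_source "$1")"
  printf 'key id:    %s\n' "$(mask "${AWS_ACCESS_KEY_ID:-$(first_line "$1")}")"
)

if [ "$#" -gt 0 ]; then report "$1"; fi
```

A result of `pem` means the file holds the Certificate or Private Key that Solution 1 warns about; `env-overrides-file` means the masked key ID shown comes from the environment, not from the file you passed.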