Failed to load AWS_PROFILE when using trivy vm ami:<ami_id> #6372
Labels: kind/bug, scan/misconfiguration
Discussed in #6370
Originally posted by wangzhihaocom March 22, 2024
Description
After I run
export AWS_PROFILE=some_profile
and then run the command trivy vm to scan an AMI, I got the following error:
2024-03-21T19:04:42.318Z INFO Need to update DB
2024-03-21T19:04:42.318Z INFO DB Repository: ghcr.io/aquasecurity/trivy-db
2024-03-21T19:04:42.318Z INFO Downloading DB...
44.49 MiB / 44.49 MiB [---------------------------------------------------------------------------------------------] 100.00% 16.19 MiB p/s 2.9s
2024-03-21T19:04:45.685Z INFO Vulnerability scanning is enabled
2024-03-21T19:04:45.685Z INFO Secret scanning is enabled
2024-03-21T19:04:45.685Z INFO If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-03-21T19:04:45.685Z INFO Please see also https://aquasecurity.github.io/trivy/v0.49/docs/scanner/secret/#recommendation for faster secret detection
2024-03-21T19:04:45.701Z FATAL vm scan error: scan error: unable to initialize a scanner: unable to initialize a vm scanner: aws config load error: failed to get shared config profile, dev-cloud-iam-infra
But with the same AWS_PROFILE, I can use my aws cli command, and this is the output:
aws s3 ls --profile dev-cloud-iam-infra
2024-02-08 21:04:51 cf-templates-j1vskhoonux6-ap-east-1
2024-02-08 20:19:54 cf-templates-j1vskhoonux6-ap-northeast-1
2024-02-08 22:41:46 cf-templates-j1vskhoonux6-ap-southeast-1
2024-02-22 00:25:55 cf-templates-j1vskhoonux6-us-east-1
2023-11-15 21:33:05 cf-templates-j1vskhoonux6-us-east-2
2024-03-21 18:00:56 infstones-logs-dev-cloud
2024-02-29 18:44:58 infstones-logs-test-dev-cloud
It seems something is wrong with trivy when exporting AWS_PROFILE. Also, there is no aws_profile flag option when using trivy.
Desired Behavior
After
export AWS_PROFILE=some__aws_profile
trivy should scan the VM with that aws_profile.
Actual Behavior
The actual behavior is:
export AWS_PROFILE=dev-cloud-iam-infra
zhihao@ip-172-0-1-30 ~ (⎈|dev-cloud-eks-cluster-infpools-io:N/A) ~$ trivy vm -d --aws-region us-east-2 ami:ami-0130c365b91184af1
2024-03-21T19:15:52.130Z DEBUG Severities: ["UNKNOWN" "LOW" "MEDIUM" "HIGH" "CRITICAL"]
2024-03-21T19:15:52.132Z DEBUG Ignore statuses {"statuses": null}
2024-03-21T19:15:52.137Z DEBUG Timeout is set to less than 30 min - upgrading to 30 min for this command.
2024-03-21T19:15:52.140Z DEBUG cache dir: /home/zhihao/snap/trivy/271/.cache/trivy
2024-03-21T19:15:52.140Z DEBUG DB update was skipped because the local DB is the latest
2024-03-21T19:15:52.140Z DEBUG DB Schema: 2, UpdatedAt: 2024-03-21 18:10:27.594557904 +0000 UTC, NextUpdate: 2024-03-22 00:10:27.594557554 +0000 UTC, DownloadedAt: 2024-03-21 19:04:45.684887737 +0000 UTC
2024-03-21T19:15:52.140Z INFO Vulnerability scanning is enabled
2024-03-21T19:15:52.140Z DEBUG Vulnerability type: [os library]
2024-03-21T19:15:52.141Z INFO Secret scanning is enabled
2024-03-21T19:15:52.141Z INFO If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-03-21T19:15:52.141Z INFO Please see also https://aquasecurity.github.io/trivy/v0.49/docs/scanner/secret/#recommendation for faster secret detection
2024-03-21T19:15:52.141Z DEBUG Enabling misconfiguration scanners: [azure-arm cloudformation dockerfile helm kubernetes terraform terraformplan]
2024-03-21T19:15:52.141Z DEBUG No secret config detected: trivy-secret.yaml
2024-03-21T19:15:52.141Z DEBUG The nuget packages directory couldn't be found. License search disabled
2024-03-21T19:15:52.181Z FATAL vm scan error:
github.com/aquasecurity/trivy/pkg/commands/artifact.Run
/home/runner/work/trivy/trivy/pkg/commands/artifact/run.go:445
github.com/aquasecurity/trivy/pkg/commands/artifact.(*runner).scanArtifact
/home/runner/work/trivy/trivy/pkg/commands/artifact/run.go:269
github.com/aquasecurity/trivy/pkg/commands/artifact.scan
/home/runner/work/trivy/trivy/pkg/commands/artifact/run.go:700
github.com/aquasecurity/trivy/pkg/commands/artifact.vmStandaloneScanner
/home/runner/work/trivy/trivy/pkg/commands/artifact/scanner.go:118
github.com/aquasecurity/trivy/pkg/cloud/aws/config.LoadDefaultAWSConfig
/home/runner/work/trivy/trivy/pkg/cloud/aws/config/config.go:39
Reproduction Steps
Target
AWS
Scanner
Vulnerability
Output Format
None
Mode
None
Debug Output
Operating System
ubuntu 22.04
Version
Checklist
trivy image --reset
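A diagnostic for the "failed to get shared config profile" error reported above, added here as an example and not taken from Trivy or from the issue author: it checks whether a named profile is defined in the AWS shared config or credentials file as resolved from a given home directory. The helper names aws_profile_visible and has_section are hypothetical; the file locations are the AWS SDK defaults ($HOME/.aws/config and $HOME/.aws/credentials, overridable with AWS_CONFIG_FILE and AWS_SHARED_CREDENTIALS_FILE). The home directory is an argument so the check can be run against both the login home and the home the scanner process sees (the debug output places Trivy's cache under /home/zhihao/snap/trivy/271; that a differing home is the cause here is an assumption).

```shell
#!/bin/sh
# Added diagnostic (not Trivy code): report whether a named AWS profile is
# defined in the shared config/credentials files as seen from a given HOME.

# usage: aws_profile_visible <profile> [home_dir]
# Prints each file that defines the profile; returns 0 if found, 1 otherwise.
aws_profile_visible() {
  local profile="$1" home="${2:-$HOME}" found=1
  # SDK default locations, overridable through these two environment variables.
  local cfg="${AWS_CONFIG_FILE:-$home/.aws/config}"
  local creds="${AWS_SHARED_CREDENTIALS_FILE:-$home/.aws/credentials}"

  # The config file names sections "[profile NAME]" (or "[default]").
  local cfg_header="[profile $profile]"
  [ "$profile" = default ] && cfg_header="[default]"

  if [ -r "$cfg" ] && has_section "$cfg" "$cfg_header"; then
    echo "config: $cfg"
    found=0
  fi
  # The credentials file names sections "[NAME]".
  if [ -r "$creds" ] && has_section "$creds" "[$profile]"; then
    echo "credentials: $creds"
    found=0
  fi
  [ "$found" -eq 0 ] || echo "profile '$profile' not defined under $home" >&2
  return "$found"
}

# Exact match on a whole section-header line, ignoring CR and edge whitespace,
# so "dev-cloud" does not match "[profile dev-cloud-iam-infra]".
has_section() {
  tr -d '\r' < "$1" \
    | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' \
    | grep -qxF -- "$2"
}

# Example: compare the login home with the home the scanner process runs with.
#   aws_profile_visible "$AWS_PROFILE" "$HOME"
#   aws_profile_visible "$AWS_PROFILE" /path/to/home/seen/by/the/scanner
```

If the profile is found under the login home but not under the home the scanner runs with, pointing AWS_CONFIG_FILE and AWS_SHARED_CREDENTIALS_FILE at the real files is one way to make both resolve the same profile.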