Failed to load AWS_PROFILE when using trivy vm ami:<ami_id>

[nikpivkin]

Discussed in #6370

^{Originally posted by wangzhihaocom March 22, 2024}

Description

After I run export AWS_PROFILE=some_profile and then I run the command trivy vm to scan an AMI , and I got this following error

2024-03-21T19:04:42.318Z INFO Need to update DB 2024-03-21T19:04:42.318Z INFO DB Repository: ghcr.io/aquasecurity/trivy-db 2024-03-21T19:04:42.318Z INFO Downloading DB... 44.49 MiB / 44.49 MiB [---------------------------------------------------------------------------------------------] 100.00% 16.19 MiB p/s 2.9s 2024-03-21T19:04:45.685Z INFO Vulnerability scanning is enabled 2024-03-21T19:04:45.685Z INFO Secret scanning is enabled 2024-03-21T19:04:45.685Z INFO If your scanning is slow, please try '--scanners vuln' to disable secret scanning 2024-03-21T19:04:45.685Z INFO Please see also https://aquasecurity.github.io/trivy/v0.49/docs/scanner/secret/#recommendation for faster secret detection 2024-03-21T19:04:45.701Z FATAL vm scan error: scan error: unable to initialize a scanner: unable to initialize a vm scanner: aws config load error: failed to get shared config profile, dev-cloud-iam-infra

But I use the same AWS_PROFILE , i can use my aws cli command as this the output

aws s3 ls --profile dev-cloud-iam-infra

2024-02-08 21:04:51 cf-templates-j1vskhoonux6-ap-east-1
2024-02-08 20:19:54 cf-templates-j1vskhoonux6-ap-northeast-1
2024-02-08 22:41:46 cf-templates-j1vskhoonux6-ap-southeast-1
2024-02-22 00:25:55 cf-templates-j1vskhoonux6-us-east-1
2023-11-15 21:33:05 cf-templates-j1vskhoonux6-us-east-2
2024-03-21 18:00:56 infstones-logs-dev-cloud
2024-02-29 18:44:58 infstones-logs-test-dev-cloud

Seems something wrong with trivy when export the AWS_PROFILE, and other is also there is no aws_profile flag option when using trivy

Desired Behavior

After export AWS_PROFILE=some__aws_profile, the trivy should scan the VM with that aws_profie

Actual Behavior

The actual Behavior is :

1. export AWS_PROFILE=dev-cloud-iam-infra
2. When I run the scan trivy vm -d --aws-region us-east-2 ami:ami-0130c365b91184af1
3. I got this error

`zhihao@ip-172-0-1-30 ~ (⎈|dev-cloud-eks-cluster-infpools-io:N/A) ~$ trivy vm -d --aws-region us-east-2 ami:ami-0130c365b91184af1
2024-03-21T19:15:52.130Z DEBUG Severities: ["UNKNOWN" "LOW" "MEDIUM" "HIGH" "CRITICAL"]
2024-03-21T19:15:52.132Z DEBUG Ignore statuses {"statuses": null}
2024-03-21T19:15:52.137Z DEBUG Timeout is set to less than 30 min - upgrading to 30 min for this command.
2024-03-21T19:15:52.140Z DEBUG cache dir: /home/zhihao/snap/trivy/271/.cache/trivy
2024-03-21T19:15:52.140Z DEBUG DB update was skipped because the local DB is the latest
2024-03-21T19:15:52.140Z DEBUG DB Schema: 2, UpdatedAt: 2024-03-21 18:10:27.594557904 +0000 UTC, NextUpdate: 2024-03-22 00:10:27.594557554 +0000 UTC, DownloadedAt: 2024-03-21 19:04:45.684887737 +0000 UTC
2024-03-21T19:15:52.140Z INFO Vulnerability scanning is enabled
2024-03-21T19:15:52.140Z DEBUG Vulnerability type: [os library]
2024-03-21T19:15:52.141Z INFO Secret scanning is enabled
2024-03-21T19:15:52.141Z INFO If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-03-21T19:15:52.141Z INFO Please see also https://aquasecurity.github.io/trivy/v0.49/docs/scanner/secret/#recommendation for faster secret detection
2024-03-21T19:15:52.141Z DEBUG Enabling misconfiguration scanners: [azure-arm cloudformation dockerfile helm kubernetes terraform terraformplan]
2024-03-21T19:15:52.141Z DEBUG No secret config detected: trivy-secret.yaml
2024-03-21T19:15:52.141Z DEBUG The nuget packages directory couldn't be found. License search disabled
2024-03-21T19:15:52.181Z FATAL vm scan error:
github.com/aquasecurity/trivy/pkg/commands/artifact.Run
/home/runner/work/trivy/trivy/pkg/commands/artifact/run.go:445

• scan error:
  github.com/aquasecurity/trivy/pkg/commands/artifact.(*runner).scanArtifact
  /home/runner/work/trivy/trivy/pkg/commands/artifact/run.go:269
• unable to initialize a scanner:
  github.com/aquasecurity/trivy/pkg/commands/artifact.scan
  /home/runner/work/trivy/trivy/pkg/commands/artifact/run.go:700
• unable to initialize a vm scanner:
  github.com/aquasecurity/trivy/pkg/commands/artifact.vmStandaloneScanner
  /home/runner/work/trivy/trivy/pkg/commands/artifact/scanner.go:118
• aws config load error:
  github.com/aquasecurity/trivy/pkg/cloud/aws/config.LoadDefaultAWSConfig
  /home/runner/work/trivy/trivy/pkg/cloud/aws/config/config.go:39
• failed to get shared config profile, dev-cloud-iam-infra`

Reproduction Steps

1. export AWS_PROFILE=dev-cloud-iam-infra
2. trivy vm -d --aws-region us-east-2 ami:ami-0130c365b91184af1 
3. Error

zhihao@ip-172-0-1-30 ~ (⎈|dev-cloud-eks-cluster-infpools-io:N/A) ~$ trivy vm -d --aws-region us-east-2 ami:ami-0130c365b91184af1
2024-03-21T19:15:52.130Z	DEBUG	Severities: ["UNKNOWN" "LOW" "MEDIUM" "HIGH" "CRITICAL"]
2024-03-21T19:15:52.132Z	DEBUG	Ignore statuses	{"statuses": null}
2024-03-21T19:15:52.137Z	DEBUG	Timeout is set to less than 30 min - upgrading to 30 min for this command.
2024-03-21T19:15:52.140Z	DEBUG	cache dir:  /home/zhihao/snap/trivy/271/.cache/trivy
2024-03-21T19:15:52.140Z	DEBUG	DB update was skipped because the local DB is the latest
2024-03-21T19:15:52.140Z	DEBUG	DB Schema: 2, UpdatedAt: 2024-03-21 18:10:27.594557904 +0000 UTC, NextUpdate: 2024-03-22 00:10:27.594557554 +0000 UTC, DownloadedAt: 2024-03-21 19:04:45.684887737 +0000 UTC
2024-03-21T19:15:52.140Z	INFO	Vulnerability scanning is enabled
2024-03-21T19:15:52.140Z	DEBUG	Vulnerability type:  [os library]
2024-03-21T19:15:52.141Z	INFO	Secret scanning is enabled
2024-03-21T19:15:52.141Z	INFO	If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-03-21T19:15:52.141Z	INFO	Please see also https://aquasecurity.github.io/trivy/v0.49/docs/scanner/secret/#recommendation for faster secret detection
2024-03-21T19:15:52.141Z	DEBUG	Enabling misconfiguration scanners: [azure-arm cloudformation dockerfile helm kubernetes terraform terraformplan]
2024-03-21T19:15:52.141Z	DEBUG	No secret config detected: trivy-secret.yaml
2024-03-21T19:15:52.141Z	DEBUG	The nuget packages directory couldn't be found. License search disabled
2024-03-21T19:15:52.181Z	FATAL	vm scan error:
    github.com/aquasecurity/trivy/pkg/commands/artifact.Run
        /home/runner/work/trivy/trivy/pkg/commands/artifact/run.go:445
  - scan error:
    github.com/aquasecurity/trivy/pkg/commands/artifact.(*runner).scanArtifact
        /home/runner/work/trivy/trivy/pkg/commands/artifact/run.go:269
  - unable to initialize a scanner:
    github.com/aquasecurity/trivy/pkg/commands/artifact.scan
        /home/runner/work/trivy/trivy/pkg/commands/artifact/run.go:700
  - unable to initialize a vm scanner:
    github.com/aquasecurity/trivy/pkg/commands/artifact.vmStandaloneScanner
        /home/runner/work/trivy/trivy/pkg/commands/artifact/scanner.go:118
  - aws config load error:
    github.com/aquasecurity/trivy/pkg/cloud/aws/config.LoadDefaultAWSConfig
        /home/runner/work/trivy/trivy/pkg/cloud/aws/config/config.go:39
  - failed to get shared config profile, dev-cloud-iam-infra

Target

AWS

Scanner

Vulnerability

Output Format

None

Mode

None

Debug Output

trivy vm -d --aws-region us-east-2 ami:ami-0130c365b91184af1
2024-03-21T19:15:52.130Z	DEBUG	Severities: ["UNKNOWN" "LOW" "MEDIUM" "HIGH" "CRITICAL"]
2024-03-21T19:15:52.132Z	DEBUG	Ignore statuses	{"statuses": null}
2024-03-21T19:15:52.137Z	DEBUG	Timeout is set to less than 30 min - upgrading to 30 min for this command.
2024-03-21T19:15:52.140Z	DEBUG	cache dir:  /home/zhihao/snap/trivy/271/.cache/trivy
2024-03-21T19:15:52.140Z	DEBUG	DB update was skipped because the local DB is the latest
2024-03-21T19:15:52.140Z	DEBUG	DB Schema: 2, UpdatedAt: 2024-03-21 18:10:27.594557904 +0000 UTC, NextUpdate: 2024-03-22 00:10:27.594557554 +0000 UTC, DownloadedAt: 2024-03-21 19:04:45.684887737 +0000 UTC
2024-03-21T19:15:52.140Z	INFO	Vulnerability scanning is enabled
2024-03-21T19:15:52.140Z	DEBUG	Vulnerability type:  [os library]
2024-03-21T19:15:52.141Z	INFO	Secret scanning is enabled
2024-03-21T19:15:52.141Z	INFO	If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-03-21T19:15:52.141Z	INFO	Please see also https://aquasecurity.github.io/trivy/v0.49/docs/scanner/secret/#recommendation for faster secret detection
2024-03-21T19:15:52.141Z	DEBUG	Enabling misconfiguration scanners: [azure-arm cloudformation dockerfile helm kubernetes terraform terraformplan]
2024-03-21T19:15:52.141Z	DEBUG	No secret config detected: trivy-secret.yaml
2024-03-21T19:15:52.141Z	DEBUG	The nuget packages directory couldn't be found. License search disabled
2024-03-21T19:15:52.181Z	FATAL	vm scan error:
    github.com/aquasecurity/trivy/pkg/commands/artifact.Run
        /home/runner/work/trivy/trivy/pkg/commands/artifact/run.go:445
  - scan error:
    github.com/aquasecurity/trivy/pkg/commands/artifact.(*runner).scanArtifact
        /home/runner/work/trivy/trivy/pkg/commands/artifact/run.go:269
  - unable to initialize a scanner:
    github.com/aquasecurity/trivy/pkg/commands/artifact.scan
        /home/runner/work/trivy/trivy/pkg/commands/artifact/run.go:700
  - unable to initialize a vm scanner:
    github.com/aquasecurity/trivy/pkg/commands/artifact.vmStandaloneScanner
        /home/runner/work/trivy/trivy/pkg/commands/artifact/scanner.go:118
  - aws config load error:
    github.com/aquasecurity/trivy/pkg/cloud/aws/config.LoadDefaultAWSConfig
        /home/runner/work/trivy/trivy/pkg/cloud/aws/config/config.go:39
  - failed to get shared config profile, dev-cloud-iam-infra

Operating System

ubuntu 22.04

Version

trivy --version
Version: 0.49.1
Vulnerability DB:
  Version: 2
  UpdatedAt: 2024-03-21 18:10:27.594557904 +0000 UTC
  NextUpdate: 2024-03-22 00:10:27.594557554 +0000 UTC
  DownloadedAt: 2024-03-21 19:04:45.684887737 +0000 UTC

Checklist

• Run trivy image --reset
• Read the troubleshooting

[wangzhihaocom]

Hi Just wondering is there any update on this issue?