From 28065238348d428158956e4728f7fd1c0a389101 Mon Sep 17 00:00:00 2001
From: Matthew Hooker <mwhooker@gmail.com>
Date: Thu, 15 Feb 2018 14:20:50 -0800
Subject: [PATCH] Fix issue with assume role credentials

---
 builder/amazon/common/access_config.go | 32 +++++++++++++++-----------
 1 file changed, 18 insertions(+), 14 deletions(-)

diff --git a/builder/amazon/common/access_config.go b/builder/amazon/common/access_config.go
index 61de7ff09..563030f50 100644
--- a/builder/amazon/common/access_config.go
+++ b/builder/amazon/common/access_config.go
@@ -1,7 +1,6 @@
 package common
 
 import (
-	"errors"
 	"fmt"
 	"log"
 	"os"
@@ -96,20 +95,8 @@ func (c *AccessConfig) Session() (*session.Session, error) {
 	}
 
 	creds := credentials.NewChainCredentials(providers)
-	cp, err := creds.Get()
-	if err != nil {
-		if awsErr, ok := err.(awserr.Error); ok && awsErr.Code() == "NoCredentialProviders" {
-			return nil, errors.New("No valid credential sources found for AWS Builder. " +
-				"Please see https://www.packer.io/docs/builders/amazon.html#specifying-amazon-credentials " +
-				"for more information on providing credentials for the AWS Builder.")
-		}
-
-		return nil, fmt.Errorf("Error loading credentials for AWS Provider: %s", err)
-	}
-	log.Printf("[INFO] AWS Auth provider used: %q", cp.ProviderName)
 
 	config := aws.NewConfig().WithMaxRetries(11).WithCredentialsChainVerboseErrors(true)
-	config = config.WithCredentials(creds)
 
 	if c.RawRegion != "" {
 		config = config.WithRegion(c.RawRegion)
@@ -126,12 +113,18 @@ func (c *AccessConfig) Session() (*session.Session, error) {
 		Config:            *config,
 	}
 
+	if c.ProfileName != "" {
+		opts.Profile = c.ProfileName
+	}
+
 	if c.MFACode != "" {
 		opts.AssumeRoleTokenProvider = func() (string, error) {
 			return c.MFACode, nil
 		}
 	}
 
+	config = config.WithCredentials(creds)
+
 	if sess, err := session.NewSessionWithOptions(opts); err != nil {
 		return nil, err
 	} else if *sess.Config.Region == "" {
@@ -139,8 +132,19 @@ func (c *AccessConfig) Session() (*session.Session, error) {
 	} else {
 		log.Printf("Found region %s", *sess.Config.Region)
 		c.session = sess
-	}
 
+		cp, err := c.session.Config.Credentials.Get()
+		if err != nil {
+			if awsErr, ok := err.(awserr.Error); ok && awsErr.Code() == "NoCredentialProviders" {
+				return nil, fmt.Errorf("No valid credential sources found for AWS Builder. " +
+					"Please see https://www.packer.io/docs/builders/amazon.html#specifying-amazon-credentials " +
+					"for more information on providing credentials for the AWS Builder.")
+			} else {
+				return nil, fmt.Errorf("Error loading credentials for AWS Provider: %s", err)
+			}
+		}
+		log.Printf("[INFO] AWS Auth provider used: %q", cp.ProviderName)
+	}
 	return c.session, nil
 }