Fix for getting partition for federated users (#13992)

Federated users calling `iam:GetUser` will get the error code `InvalidClientTokenId` so this shouldn't bail out but instead continue on to try `sts:GetCallerIdentity`.
9 years ago · 2dd7e72674
parent 78c2720a4c
commit 2dd7e72674
1 changed files with 1 additions and 1 deletions
--- a/builtin/providers/aws/auth_helpers.go
+++ b/builtin/providers/aws/auth_helpers.go
@ -54,7 +54,7 @@ func GetAccountInfo(iamconn *iam.IAM, stsconn *sts.STS, authProviderName string)
 	awsErr, ok := err.(awserr.Error)
 	// AccessDenied and ValidationError can be raised
 	// if credentials belong to federated profile, so we ignore these
-	if !ok || (awsErr.Code() != "AccessDenied" && awsErr.Code() != "ValidationError") {
+	if !ok || (awsErr.Code() != "AccessDenied" && awsErr.Code() != "ValidationError" && awsErr.Code() != "InvalidClientTokenId") {
 		return "", "", fmt.Errorf("Failed getting account ID via 'iam:GetUser': %s", err)
 	}
 	log.Printf("[DEBUG] Getting account ID via iam:GetUser failed: %s", err)