Our team has created a Java command-line utility that connects to AWS S3. We aren't specifying a particular credentials source, we're just using S3Client.builder().region(region).build() and allowing the AWS SDK to find the correct credentials.
Our users are running the application from the command-line, along with aws s3 commands. This is on Windows, and everyone uses Git Bash, running aws configure to set the credentials, and this is working for everyone except one user. That user has run aws configure the same as everyone else, and the aws s3 commands work fine in their terminal, but when they run java -jar ... from the same terminal, they get this error:
Unable to load credentials from any of the providers in the chain AwsCredentialsProviderChain(credentialsProviders=[SystemPropertyCredentialsProvider(), EnvironmentVariableCredentialsProvider(), WebIdentityTokenCredentialsProvider(), ProfileCredentialsProvider(profileName=default, profileFile=ProfileFile(profilesAndSectionsMap=[])), ContainerCredentialsProvider(), InstanceProfileCredentialsProvider()]) : [SystemPropertyCredentialsProvider(): Unable to load credentials from system settings. Access key must be specified either via environment variable (AWS_ACCESS_KEY_ID) or system property (aws.accessKeyId)., EnvironmentVariableCredentialsProvider(): Unable to load credentials from system settings. Access key must be specified either via environment variable (AWS_ACCESS_KEY_ID) or system property (aws.accessKeyId)., WebIdentityTokenCredentialsProvider(): Either the environment variable AWS_WEB_IDENTITY_TOKEN_FILE or the javaproperty aws.webIdentityTokenFile must be set., ProfileCredentialsProvider(profileName=default, profileFile=ProfileFile(profilesAndSectionsMap=[])): Profile file contained no credentials for profile 'default': ProfileFile(profilesAndSectionsMap=[]), ContainerCredentialsProvider(): Cannot fetch credentials from container - neither AWS_CONTAINER_CREDENTIALS_FULL_URI or AWS_CONTAINER_CREDENTIALS_RELATIVE_URI environment variables are set., InstanceProfileCredentialsProvider(): Failed to load credentials from IMDS.]
I checked, and their ~/.aws/config and ~/.aws/credentials are the same as mine. The config file sets the region for [default] and the credentials sets the access key and secret for [default].
What could be causing the Java program to have this error for one user but not others, even though the aws s3 commands are working for everyone?
It turns out that git bash had a different "home" than the user's home. The aws CLI was creating the .aws directory in /c/Users/<username/.aws but in git bash the $HOME variable pointed to /h/. This command fixed the problem (of course, if this needs to be re-run any time credentials change):
cp -r /c/Users/<username>/.aws /h/