Krambambuli has asked for the wisdom of the Perl Monks concerning the following question:

Dear PerlMonks,

hoping that someone out there might know the answers and would be kind enough to respond, here my two questions. Trying to get acquainted with Amazon services and Paws, I've set up my ~/.aws/credentials to be

[profile instrument] source_profile = default role_arn = arn:aws:iam::MY_IAM_CODE:role/MY_ROLE region = us-east-1 [default] region = us-east-1 aws_secret_access_key = "MY_SECRET_ACCESS_KEY" aws_access_key_id = "MY_ACCESS_KEY_ID"
The simple code I'm playing with is like
#!/usr/bin/perl use strict; use warnings; use Data::Dumper; use Paws; use Paws::Net::LWPCaller; use Paws::Credential::AssumeRole; my $lwp_caller = new Paws::Net::LWPCaller( debug => 1 ); my $cloudwatch = Paws->service('CloudWatch', caller => $lwp_caller, credentials => Paws::Credential::Assum +eRole->new( RoleArn => 'arn:aws:iam::MY_IAM_CO +DE:role/MY_ROLE', RoleSessionName => 'just_kidding', caller => $lwp_caller, ), region => 'us-east-1', profile_name => 'instrument', ); #print Dumper( $cloudwatch ); #exit; my $res = $cloudwatch->ListAllMetrics( Dimensions => [], MetricName => 'MY_METRIC', Namespace => 'MY_NAMESPACE', #NextToken => '', ); print Dumper( $res ); exit;
And here the two things I'm unhappy with.

1. If I launch the above cod as


it works. But if I launch it as


it doesn't, and I get an error message that says
The security token included in the request is invalid
I cannot spot the error in the credentials file, and it seems to me that it is OK, but is simply ignored, although it _should_ be considered. So, is there anything I need to do to get the default credentials properly working...?

2. The documentation says that the default 'caller' is HTTP::Tiny. LWP can be used instead if wanted, and the above code uses it OK. I'm unsure about the second caller spec; if I omit it, i.e have
my $cloudwatch = Paws->service('CloudWatch', caller => $lwp_caller, credentials => Paws::Credential::Assum +eRole->new( RoleArn => 'arn:aws:iam::MY_IAM_CO +DE:role/MY_ROLE', RoleSessionName => 'just_kidding', #caller => $lwp_caller, ), region => 'us-east-1', profile_name => 'instrument', );
then the call to AssumeRole is done with HTTP:Tiny, whereas the call for ListAllMetrics is done as expected via LWP. Is that expected behavior? Shouldn't the caller used for getting the credentials be the same as the one for ListAllMetrics, even without 'saying it again'?

Many thanks in advance.