http://qs321.pair.com?node_id=1189280

Krambambuli has asked for the wisdom of the Perl Monks concerning the following question:

Dear PerlMonks,

hoping that someone out there might know the answers and would be kind enough to respond, here my two questions. Trying to get acquainted with Amazon services and Paws, I've set up my ~/.aws/credentials to be

[profile instrument]
source_profile = default
role_arn = arn:aws:iam::MY_IAM_CODE:role/MY_ROLE
region = us-east-1

[default]
region = us-east-1
aws_secret_access_key = "MY_SECRET_ACCESS_KEY"
aws_access_key_id = "MY_ACCESS_KEY_ID"

[download]
The simple code I'm playing with is like 
#!/usr/bin/perl

use strict;
use warnings;

use Data::Dumper;
use Paws;
use Paws::Net::LWPCaller;
use Paws::Credential::AssumeRole;

my $lwp_caller = new Paws::Net::LWPCaller( debug => 1 );
my $cloudwatch = Paws->service('CloudWatch', 
                                caller => $lwp_caller, 
                                credentials => Paws::Credential::Assum
+eRole->new(
                                    RoleArn => 'arn:aws:iam::MY_IAM_CO
+DE:role/MY_ROLE',
                                    RoleSessionName => 'just_kidding',
                                    caller => $lwp_caller, 
                                ),
                                region => 'us-east-1', 
                                profile_name => 'instrument',
                              );


#print Dumper( $cloudwatch );
#exit;

my $res = $cloudwatch->ListAllMetrics( 
      Dimensions => [],
      MetricName => 'MY_METRIC', 
      Namespace  => 'MY_NAMESPACE', 
      #NextToken  => '',
);

print Dumper( $res );
exit;

[download]
And here the two things I'm unhappy with.

1. If I launch the above cod as

$ AWS_ACCESS_KEY="MY_ACCESS_KEY_ID" AWS_SECRET_KEY="MY_SECRET_ACCESS_KEY" ./test_paws.pl

it works. But if I launch it as

./test_paws.pl

it doesn't, and I get an error message that says 
The security token included in the request is invalid
I cannot spot the error in the credentials file, and it seems to me that it is OK, but is simply ignored, although it _should_ be considered. So, is there anything I need to do to get the default credentials properly working...?

2. The documentation says that the default 'caller' is HTTP::Tiny. LWP can be used instead if wanted, and the above code uses it OK. I'm unsure about the second caller spec; if I omit it, i.e have 
my $cloudwatch = Paws->service('CloudWatch', 
                                caller => $lwp_caller, 
                                credentials => Paws::Credential::Assum
+eRole->new(
                                    RoleArn => 'arn:aws:iam::MY_IAM_CO
+DE:role/MY_ROLE',
                                    RoleSessionName => 'just_kidding',
                                    #caller => $lwp_caller, 
                                ),
                                region => 'us-east-1', 
                                profile_name => 'instrument',
                              );

[download]
then the call to AssumeRole is done with HTTP:Tiny, whereas the call for ListAllMetrics is done as expected via LWP. Is that expected behavior? Shouldn't the caller used for getting the credentials be the same as the one for ListAllMetrics, even without 'saying it again'?

Many thanks in advance.

Back to Seekers of Perl Wisdom