Lack of S3 Credentials when using Plan action, cannot replicate locally on the same EC2 instance.

[imartinKeeper]

Problem description

When running the plan action, as of Dec 1st, w/ no changes to either our IAM role permissions or the workflow file, our Plan action has started failing w/

Initializing the backend...
  ╷
  │ Error: error configuring S3 Backend: no valid credential sources for S3 Backend found.
  │ 
  │ Please see https://www.terraform.io/docs/language/settings/backends/s3.html
  │ for more information about providing credentials.
  │ 
  │ Error: NoCredentialProviders: no valid providers in chain. Deprecated.
  │ 	For verbose messaging see aws.Config.CredentialsChainVerboseErrors

When trying to run the same actions locally we run into no errors, and instead are given the correct plan output.

We've tried to copy up config files into the .aws directory, as well as double checking all IAM roles to ensure access should completely fine, and still the error persists.

This is run on a self-hosted Amazon Linux 2 EC2 instance through Github Actions.

Terraform version

1.3.6

Backend

No response

Workflow YAML

terraform_plan:
    environment: Github Actions
    name: Terraform Plan QA
    runs-on: QARunner
    needs: terraform_format
    strategy:
      fail-fast: false
      matrix:
        region: [ "us-east-1", "eu-west-1", "ap-southeast-2", "ca-central-1", "ap-northeast-1", "global" ]
    steps:
      - uses: actions/checkout@v3
        name: Checkout Repo

      - name: terraform plan
        uses: dflook/terraform-plan@v1.31.1
        env:
          GITHUB_TOKEN: ${{ secrets.KS_ACCESS_TOKEN }}
          TERRAFORM_PRE_RUN: |
            echo ${{ secrets.KSM_CONFIG }} > config.txt
            base64 -d config.txt > .terraform.config.json
            mv .terraform.config.json ~/.terraform.config.json
        with:
          path: ./terraform/environments/commercial/${{ matrix.region }}/qa

Workflow log

Initializing the backend...
  ╷
  │ Error: error configuring S3 Backend: no valid credential sources for S3 Backend found.
  │ 
  │ Please see https://www.terraform.io/docs/language/settings/backends/s3.html
  │ for more information about providing credentials.
  │ 
  │ Error: NoCredentialProviders: no valid providers in chain. Deprecated.
  │ 	For verbose messaging see aws.Config.CredentialsChainVerboseErrors

[dflook]

Please set the ACTIONS_STEP_DEBUG secret to true and run the job again.

When was the last time this worked and what version of the action were you using? How are you providing the aws credentials to your runner?

[imartinKeeper]

I will rerun with debug true in about 8 hours.

It last worked on Nov 30th, and we are using latest. We did see you pushed an update on the first but we also tried using the pinned 1.3.0 version. We normally have it marked as v1 to use your latest patch.

We provide aws credentials via IAM roles and a config file located in .aws/config that demotes profiles to use

[imartinKeeper]

 ##[debug] TF_WORKSPACE=default terraform init -input=false $INIT_ARGS
 Initializing modules...
  Initializing the backend...
  ╷
  │ Error: error configuring S3 Backend: no valid credential sources for S3 Backend found.
  │ 
  │ Please see https://www.terraform.io/docs/language/settings/backends/s3.html
  │ for more information about providing credentials.
  │ 
  │ Error: NoCredentialProviders: no valid providers in chain. Deprecated.
  │ 	For verbose messaging see aws.Config.CredentialsChainVerboseErrors
  │ 
  │ 
  │ 
  ╵

Basically the same logging output. I've taken out the individual terraform directories that successfully initialized