FATAL: get k8s artifacts with node info error: failed listing resources for gvr: apps/v1, Resource=deployments - Get "https://17445F7FD07FE5246FBFE67AD1C0AEC7.gr7.ap-northeast-1.eks.amazonaws.com/apis/apps/v1/deployments": getting credentials: exec: executable aws failed with exit code 255

[Jaideep1997]

Description

i have been using trivy command = "trivy k8s cluster --compliance=k8s-nsa --report all"

i want to login from aws profile name, and role ARN to run the trivy command, the credentials are stored in .aws folder where i have the other account's client's role ARN and profile name, and my account's access key and secret key that is connected with another client account's role_ARN

Desired Behavior

i dont want to login directly by running aws configure, i want to login by clients role ARN that connected by the IAM role with my account ,
and i want to access client's cluster details by its role ARN that is connected with my account.
i have saved credentials in .aws folder like this -
[source]
aws_access_key_id = AK
aws_secret_access_key = b****R

[CloudArmour-Internal]
role_arn = arn:aws:iam::**********:role/NewTestCrossAccount
source_profile = source

Actual Behavior

getting me this error - "2023-05-11T14:22:34.334+0530 FATAL get k8s artifacts with node info error: failed listing resources for gvr: apps/v1, Resource=deployments - Get "https://17445F7FD07FE5246FBFE67AD1C0AEC7.gr7.ap-northeast-1.eks.amazonaws.com/apis/apps/v1/deployments": getting credentials: exec: executable aws failed with exit code 255"

Reproduction Steps

1. saved all credentials in .aws folder like this: 
[source]
aws_access_key_id = A***************K
aws_secret_access_key = b*******************R

[CloudArmour-Internal]
role_arn = arn:aws:iam::**********:role/NewTestCrossAccount
source_profile = source

2.running the trivy command ="trivy k8s cluster --compliance=k8s-nsa --report all"

3.giving me this error : FATAL	get k8s artifacts with node info error: failed listing resources for gvr: apps/v1, Resource=deployments - Get "https://17445F7FD07FE5246FBFE67AD1C0AEC7.gr7.ap-northeast-1.eks.amazonaws.com/apis/apps/v1/deployments": getting credentials: exec: executable aws failed with exit code 255"
...

Target

Kubernetes

Scanner

None

Output Format

None

Mode

None

Debug Output

$ trivy k8s cluster --compliance=k8s-nsa --report all --debug

 ===========2023-05-11T14:40:03.796+053 DEBUG Severities: ["UNKNOWN" "LOW" "MEDIUM" "HIGH" "CRITICAL"]
Unable to locate credentials. You can configure credentials by running "aws configure".
2023-05-11T14:40:06.271+0530	FATAL	get k8s artifacts with node info error:
    github.com/aquasecurity/trivy/pkg/k8s/commands.clusterRun
        /home/runner/work/trivy/trivy/pkg/k8s/commands/cluster.go:27
  - failed listing resources for gvr: apps/v1, Resource=deployments - Get "https://17445F7FD07FE5246FBFE67AD1C0AEC7.gr7.ap-northeast-1.eks.amazonaws.com/apis/apps/v1/deployments": getting credentials: exec: executable aws failed with exit code 255

Operating System

ubuntu

Version

Version: 0.41.0
Vulnerability DB:
  Version: 2
  UpdatedAt: 2023-05-11 06:07:21.356132135 +0000 UTC
  NextUpdate: 2023-05-11 12:07:21.356131735 +0000 UTC
  DownloadedAt: 2023-05-11 06:39:54.680938313 +0000 UTC
Policy Bundle:
  Digest: sha256:97988c6fc189faa28aa7fc2fc93fb2605c46d2f6ae4092a70e03697ba1d6e620
  DownloadedAt: 2023-05-10 08:30:41.823154153 +0000 UTC

Checklist

• Run trivy --reset
• Read the troubleshooting