AWS Bedrock with custom credential process

[Will-So]

Before submitting your bug report

• [X] I believe this is a bug. I'll try to join the Continue Discord for questions
• [X] I'm not able to find an open issue that reports the same bug
• [ X] I've seen the troubleshooting guide on the Continue Docs

Relevant environment info

- OS: MacOS 14.6
- Continue: 0.0.64
- IDE: Pycharm 2024.2
- Model:Bedrock Sonnet
- config.json:

Description

Big fan of the project! Looks just like what I've been looking for.

When accessing a model via Bedrock using a credential process:

[default]
region=us-west-2
output=json
credential_process = cust_process get 555555555 Admin --json

Results in the following error:

[2024-09-05T04:46:13] CredentialsProviderError: Command failed: cust_process get 555555555 Admin --json /bin/sh: cust_process: command not found

when cust_process is in /usr/local/bin.

If I open PyCharm via the CLI open -a "PyCharm" everything works without problem. Also, the cust_process command works in terminal and various AWS plugins (Q Developer, AWS Toolkit). I tried to do some research how to source Intellij's terminal environment from plugins but didn't have success.

To reproduce

1. Create a Dummy Credential Process Script:

Create a simple script (e.g., dummy_credential_process.sh) that will act as the external process to provide AWS credentials. This script should output JSON in the format expected by AWS CLI. Make the following in /usr/local/bin/dummy_credential_process.sh

#!/bin/bash

cat <<EOF
{
  "Version": 1,
  "AccessKeyId": "DUMMY_ACCESS_KEY_ID",
  "SecretAccessKey": "DUMMY_SECRET_ACCESS_KEY",
  "SessionToken": "DUMMY_SESSION_TOKEN",
  "Expiration": "$(date -u -d '+15 minutes' +'%Y-%m-%dT%H:%M:%SZ')"
}
EOF

Ensure the script is executable:

chmod +x dummy_credential_process.sh

2. Configure AWS CLI to Use credential_process:

[profile dummy]
region = us-east-1
credential_process = /path/to/dummy_credential_process.sh
Replace /path/to/dummy_credential_process.sh with the actual path to your script.

3. Refer to that in .continue/config.json
4. Try to ask a question (it will fail)
5. Open from the terminal that has a PATH set that can execute it and open PyCharm via open -a "PyCharm". This time it should succeed if your AWS credentials are good.

Log output

[2024-09-05T04:46:13] Error running handler for "llm/streamChat":  CredentialsProviderError: Command failed: cust_process get 555555555 Admin --json
/bin/sh: cust_process: command not found

[2024-09-05T04:46:13] CredentialsProviderError: Command failed: cust_process get 555555555 Admin --json
/bin/sh: cust_process: command not found

[Patrick-Erichsen]

Hi @Will-So , thanks for the great writeup here!

cc @sestinj - curious if you've come across other issues of executables in JetBrains not being found.

Open from the terminal that has a PATH set that can execute it and open PyCharm via open -a "PyCharm". This time it should succeed if your AWS credentials are good.

[sestinj]

@Will-So Seems like a potential PATH issue, does using the absolute path in your AWS config file work?

[default]
region=us-west-2
output=json
credential_process = /usr/local/bin/cust_process get 555555555 Admin --json

[Will-So]

Yea that works. Should have thought of that! It's better workaround than opening PyCharm from the terminal so this solves my problem.

I suspect this is still worthwhile fixing though as other plugins I am using have access to my PATH and i imagine it will be the cause of other unexpected behavior.

[github-actions[bot]]

This issue hasn't been updated in 90 days and will be closed after an additional 10 days without activity. If it's still important, please leave a comment and share any new information that would help us address the issue.

[github-actions[bot]]

This issue was closed because it wasn't updated for 10 days after being marked stale. If it's still important, please reopen + comment and we'll gladly take another look!