Comment 12 for bug 2052410

Diko Parvanov (dparv) wrote :

So with credentials from the UI it works just fine. It didn't work with the access key and secret that I got for the IAM role.

However, I seem to have worked around this via the following workflow inside the EC2 instance that has the IAM role assigned:

aws iam create-user --user-name juju-bootstrap
aws iam attach-user-policy --policy-arn arn:aws:iam::aws:policy/AmazonEC2FullAccess --user-name juju-bootstrap
ACCESS_KEY=$(aws iam create-access-key --user-name juju-bootstrap)
AWS_ACCESS_KEY_ID=$(echo "$ACCESS_KEY" | jq -r '.AccessKey.AccessKeyId')
AWS_SECRET_ACCESS_KEY=$(echo "$ACCESS_KEY" | jq -r '.AccessKey.SecretAccessKey')
REGION=$(curl -s http://169.254.169.254/latest/dynamic/instance-identity/document | jq -r .region)
CONTROLLER_NAME=aws-$REGION
cat > /home/ubuntu/.aws/credentials <<EOL
[default]
aws_access_key_id = $AWS_ACCESS_KEY_ID
aws_secret_access_key = $AWS_SECRET_ACCESS_KEY
EOL
juju default-region aws $REGION
juju bootstrap aws
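
Added example, not part of the original comment and not Juju or AWS CLI code: a hardened version of the credentials-file step above, which writes the long-lived secret with owner-only permissions and refuses a temporary key ID (prefix ASIA, as issued for IAM roles) that arrives without its session token. The function name, arguments and return codes are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: write an AWS shared-credentials profile without exposing the
# secret to other local users. Names and return codes are assumptions.

# write_aws_profile FILE ACCESS_KEY_ID SECRET_ACCESS_KEY [SESSION_TOKEN]
# Returns 0 on success, 2 on rejected input, 1 on I/O failure.
write_aws_profile() {
    file=${1:-} key_id=${2:-} secret=${3:-} token=${4:-}

    if [ -z "$file" ] || [ -z "$key_id" ] || [ -z "$secret" ]; then
        echo "usage: write_aws_profile FILE KEY_ID SECRET [TOKEN]" >&2
        return 2
    fi

    # Temporary (STS / instance-role) key IDs start with ASIA and are only
    # accepted by AWS together with their session token; long-term IAM user
    # key IDs start with AKIA.
    case $key_id in
        ASIA*)
            if [ -z "$token" ]; then
                echo "temporary key $key_id needs a session token" >&2
                return 2
            fi ;;
    esac

    dir=$(dirname "$file")
    # Subshell keeps the restrictive umask from leaking into the caller.
    (
        umask 077
        mkdir -p "$dir" || exit 1
        tmp=$(mktemp "$dir/.credentials.XXXXXX") || exit 1
        {
            printf '[default]\n'
            printf 'aws_access_key_id = %s\n' "$key_id"
            printf 'aws_secret_access_key = %s\n' "$secret"
            [ -n "$token" ] && printf 'aws_session_token = %s\n' "$token"
            :
        } > "$tmp" || { rm -f "$tmp"; exit 1; }
        # Rename into place so a reader never sees a half-written file.
        mv -f "$tmp" "$file" || { rm -f "$tmp"; exit 1; }
    )
}
```

In the workflow above it would stand in for the `cat > /home/ubuntu/.aws/credentials <<EOL` step, called as `write_aws_profile /home/ubuntu/.aws/credentials "$AWS_ACCESS_KEY_ID" "$AWS_SECRET_ACCESS_KEY"`.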