Ignore user-defined AWS_PROFILE variable in cache uploads (!5986) · Merge requests · GitLab.org / gitlab-runner

What does this MR do?

When the S3 RoleARN config is used, someone could define a CI/CD variable was AWS_PROFILE environment variable and cause the AWS SDK to look up the profile from config files. If the profile does not exist, the cache uploader fails with an error: failed to get shared config profile.

To avoid this, make sure we pass an empty AWS_PROFILE variable to the runner helper.

Why was this MR needed?

Runner cache uploads fail if AWS_PROFILE is defined in a job with RoleARN defined.

What's the best way to test this MR?

Set up a runner with a Docker executor and S3 cache.
Set up S3.RoleARN config: https://docs.gitlab.com/runner/configuration/advanced-configuration/#the-runnerscaches3-section
Create a CI job that defines AWS_PROFILE:

default:
  image: busybox:latest
  script:
    - echo "hello world" > test.txt
  cache:
    paths:
      - test.txt
  artifacts:
    paths:
      - test.txt
  variables:
    AWS_PROFILE: "random-profile"

What are the relevant issue numbers?

Relates to https://gitlab.com/gitlab-com/request-for-help/-/work_items/3883

Edited Dec 05, 2025 by Stan Hu

Ignore user-defined AWS_PROFILE variable in cache uploads

What does this MR do?

Why was this MR needed?

What's the best way to test this MR?

What are the relevant issue numbers?

Merge request reports