From f45b6385a75a8e173f2100db9289dd9870b2d007 Mon Sep 17 00:00:00 2001
From: Michael Sawyer <michael.sawyer@veeva.com>
Date: Thu, 26 Oct 2017 11:01:19 -0700
Subject: [PATCH] SEC-187 Use region from Vagrantfile. Don't print error if
 using IAM profile.

---
 lib/vagrant-aws/config.rb | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/lib/vagrant-aws/config.rb b/lib/vagrant-aws/config.rb
index 30a19cb4..25c24ae6 100644
--- a/lib/vagrant-aws/config.rb
+++ b/lib/vagrant-aws/config.rb
@@ -320,11 +320,12 @@ def finalize!
         # If access_key_id or secret_access_key were not specified in Vagrantfile
         # then try to read from environment variables first, and if it fails from
         # the AWS folder.
-        if @access_key_id == UNSET_VALUE or @secret_access_key == UNSET_VALUE
+        if (@access_key_id == UNSET_VALUE or @secret_access_key == UNSET_VALUE) and @use_iam_profile == UNSET_VALUE
           @aws_profile = 'default' if @aws_profile == UNSET_VALUE
           @aws_dir = ENV['HOME'].to_s + '/.aws/' if @aws_dir == UNSET_VALUE
           @region, @access_key_id, @secret_access_key, @session_token = Credentials.new.get_aws_info(@aws_profile, @aws_dir)
           @region = UNSET_VALUE if @region.nil?
+        elsif @use_iam_profile != UNSET_VALUE
         else
           @aws_profile = nil
           @aws_dir = nil
@@ -439,7 +440,7 @@ def validate(machine)
 
         errors << I18n.t("vagrant_aws.config.aws_info_required",
           :profile => @aws_profile, :location => @aws_dir) if \
-          @aws_profile and (@access_key_id.nil? or @secret_access_key.nil? or @region.nil?)
+          @aws_profile.nil? and (@access_key_id.nil? or @secret_access_key.nil? or @region.nil?)
 
         errors << I18n.t("vagrant_aws.config.region_required") if @region.nil?