leapp icon indicating copy to clipboard operation
leapp copied to clipboard

Published 20 hours ago verified publisher icon Noovolari

AWS Regions Set by Leapp in Credentials File Doesn't Always Get Read

Open imaginaryCorn opened this issue 2 years ago • 5 comments

Describe the bug The default AWS region for sessions in Leapp doesn't appear to be applied correctly for some AWS use-cases. In some programs, the AWS SDK complains that it can't find the region within config, even though region switching with Leapp does otherwise appear to be working (eg aws ec2 describe-availability-zones --output text --query 'AvailabilityZones[0].[RegionName]' does output the correct region each time).

Leapp Version 0.16.0

To Reproduce Steps to reproduce the behavior:

  1. Ensure no manually configured default regions exist (AWS_REGION env variables, .aws/config etc).
  2. Login to an AWS integration in leap
  3. Start a session.
  4. cat ~/.aws/credentials contains the region set by Leapp and updates the region whenever it is changed in Leapp, while cat ~/.aws/config is unchanged or empty.

Expected behavior Regions may need to be set by Leapp for [default] or a named profile within .aws/config, as per many places in AWS documentation: https://docs.aws.amazon.com/sdk-for-java/v1/developer-guide/setup-credentials.html#setup-credentials-setting-region https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-files.html#cli-configure-files-where https://docs.aws.amazon.com/sdk-for-javascript/v2/developer-guide/setting-region.html#setting-region-config-file

Screenshots Showing the regions from Leapp being set within the wrong file (for some use-cases), on both default and named profiles: Screen Shot 2022-11-10 at 11 09 15 AM Screen Shot 2022-11-10 at 11 11 25 AM This part is more of an AWS quirk than a Leapp issue, but AWS CLI still claims the region comes from config, even though Leapp has set it in credentials: Screen Shot 2022-11-10 at 11 34 56 AM

Desktop (please complete the following information):

  • OS: MacOS
  • OS Version: 12.6 Monterey
  • Leapp Version: 0.16.0

imaginaryCorn avatar Nov 09 '22 22:11 imaginaryCorn

Hi @imaginaryCorn! Thanks for your analysis. We know that region should stay in config file, but we haven't seen any issue till now, just remember that "aws configure list" also depends on the active profile you're asking (in your example you're asking data for the default profile), if you have multiple profile active at the same time you need to specify the profile with --profile=<profile> option. Are you trying to access some SDK with a different profile than the default one?

urz9999 avatar Nov 11 '22 16:11 urz9999

Hi @urz9999 ! In this case while running tests that use AWS Javascript SDK (in Typescript), no profile was set and we switch roles only using the default profile. If a region is not set manually some other way, it is unable to pick the region set by Leapp and throws ConfigError: Missing region in config. We are hoping that we can use Leapp to control the current region for sessions.

imaginaryCorn avatar Nov 13 '22 20:11 imaginaryCorn

We never experienced these problems, which is curious, have you had config.update() in JS? We use it a lot in our code, as it is necessary to JS to pick up the current status of the credentials

urz9999 avatar Nov 15 '22 09:11 urz9999

@urz9999 I'm not sure I understand fully. config.update seems to be what to use when setting a region, but we want AWS SDK to pick-up the one set by Leapp, which is currently set where the SDK doesn't expect one to be according to their documents.

imaginaryCorn avatar Nov 20 '22 21:11 imaginaryCorn

I see your point, in the meantime, please try credentials process method in the options menu and see if it's working for you, it set the config file instead of the credential file, so maybe it could help

urz9999 avatar Nov 22 '22 09:11 urz9999