aws-sdk-java icon indicating copy to clipboard operation
aws-sdk-java copied to clipboard
verified publisher icon aws

The vpce location constraint is incompatible for the region specific endpoint this request was sent

Open vpeddada-tibco opened this issue 3 years ago • 5 comments

Describe the bug

We are using a VPC endpoint for AWS S3 to create the S3 client followed by create Bucket However, the operation faulted with the following error: com.amazonaws.services.s3.model.AmazonS3Exception: The vpce location constraint is incompatible for the region specific endpoint this request was sent to. After deeper investigation we found that there is an existing issue with LocationConstraint creation in the SDK which can be resolved by a workaround. The LocationConstraint formed in the above case is an invalid region name and hence the operation failed. You can refer to the attached logs. Then we changed our code to use the region name too in the request as follows: This has resolved the issue

CreateBucketRequest request = new CreateBucketRequest("bucketname","regionname");
  s3Client.createBucket(request);

Expected Behavior

The createBucket operation should have worked with the older piece of code.

Current Behavior

However the operation failed with invalid location constraint error as the SDK has an issue with region parsing logic which tries to parse the region from the VPC endpoint if no location was mentioned in the CreateBucketRequest. In our case we observed from the debug logs that it was formed as <CreateBucketConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/"><LocationConstraint>vpce</LocationConstraint></CreateBucketConfiguration>

Here vpce is a string which is part of our VPC endpoint https://bucket.vpce-0ec9574cb6f757c5f-9i0g0rr9.s3.us-west-2.vpce.amazonaws.com:8020

Reproduction Steps

  • Create a VPC endpoint something like this https://bucket.vpce-0ec9574cb6f757c5f-9i0g0rr9.s3.us-west-2.vpce.amazonaws.com:8020
AwsClientBuilder.EndpointConfiguration config =
        new AwsClientBuilder.EndpointConfiguration(
                "https://<vpc-endpoint>.com",
                "MyRegion");

AmazonS3 s3Client = AmazonS3ClientBuilder.standard()
        .withCredentials(new AWSStaticCredentialsProvider(awsCreds))
        .withEndpointConfiguration(config)
        .build();
     
 CreateBucketRequest request = new CreateBucketRequest("bucketname");
  s3Client.createBucket(request);

Possible Solution

We changed our code to use the region name too in the request as follows: This has resolved the issue

CreateBucketRequest request = new CreateBucketRequest("bucketname","regionname");

  s3Client.createBucket(request);

Please let us know if 1.12.x has resolved this issue.

Additional Information/Context

BW_S3_App3.txt

AWS Java SDK version used

1.11.967

JDK version used

1.8

Operating System and version

Windows 10

vpeddada-tibco avatar Oct 04 '22 11:10 vpeddada-tibco

Hi @vpeddada thank you for reaching out.

This behavior is expected. According to the Javadocs:

public CreateBucketRequest(String bucketName) Constructs a new CreateBucketRequest, ready to be executed to create the specified bucket in the US_Standard region.

US_Standard is an old name for us-east-1, and the legacy S3 endpoint for us-east-1 is s3.amazonaws.com. If you want to create a bucket in a different region you need to specify it.

debora-ito avatar Oct 05 '22 18:10 debora-ito

Hi @debora-ito ! Yes I got that point. However,I have walked through the SDK's source and I found that if signer region provided in endpoint configuration is not us-east-1(in this case it's us-west-2), then the source tries to parse the request region from the endpoint URL. Please refer to https://github.com/aws/aws-sdk-java/blob/3309b35eba4e45a0a3bc3d300dc85822901e5bac/aws-java-sdk-s3/src/main/java/com/amazonaws/services/s3/AmazonS3Client.java#L1106

This piece of code is retrieving the location as vpce instead of us-west-2 which has caused this issue. Hence there is an issue in https://github.com/aws/aws-sdk-java/blob/3309b35eba4e45a0a3bc3d300dc85822901e5bac/aws-java-sdk-core/src/main/java/com/amazonaws/util/AwsHostNameUtils.java#L77 After fetching the request region, the location constraint configuration is created in the following lines: https://github.com/aws/aws-sdk-java/blob/3309b35eba4e45a0a3bc3d300dc85822901e5bac/aws-java-sdk-s3/src/main/java/com/amazonaws/services/s3/AmazonS3Client.java#L1114

Please refer to the debug logs that I attached to this issue and you will find the <CreateBucketConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/"><LocationConstraint>vpce</LocationConstraint></CreateBucketConfiguration>

Once I started providing region in the CreateBucketRequest, line no 1106 is skipped and the location constraint is rightly formed as <LocationConstraint>us-west-2</LocationConstraint> and the operation was successful.

vpeddada-tibco avatar Oct 06 '22 05:10 vpeddada-tibco 

<CreateBucketConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/"> 
      <LocationConstraint>vpce</LocationConstraint>
</CreateBucketConfiguration>

Sorry I missed that part, I understand now. Yes, marking this as a bug with vpce endpoints.

The workaround is to explicitly set the region in CreateBucketRequest :

CreateBucketRequest request = new CreateBucketRequest("bucketname","regionname");

As we have a workaround and the team is focused in SDK v2 work, fixing this is not high in our priority list.

debora-ito avatar Oct 08 '22 00:10 debora-ito

Hi @debora-ito !

Thank you for the acknowledgement. No problem. We made changes to accommodate the workaround. However, just wanted to check: Is this is a known issue which was fixed in any later versions of SDK such as 1.12.x or V2 ? Or is it a new bug which needs to be addressed?

vpeddada-tibco avatar Oct 12 '22 10:10 vpeddada-tibco

@vpeddada Are you creating vpce endpoint using "Enable DNS Name". In my case if I dont do Enable DNS even with the fix suggested by you and configuring vpce endpoint its not honouring my endpoint and falls back to public DNS names

Using AWS Cli and endpoint name I am able to create buckets properly.

Also I am facing similar issue in doesBucketExistV2()

mrahul487 avatar Jun 20 '23 08:06 mrahul487

Hi @vpeddada-tibco

We apologize but this won't get fixed in v1. A workaround is provided in my comment here. I don't think this issue is present in v2 because the v2 s3 client is generated, but if you see any vpce issue please open a new aws-sdk-java-v2 issue.

Reference:

  • Announcing end-of-support for AWS SDK for Java v1.x effective December 31, 2025 - blog post

debora-ito avatar Jun 18 '24 21:06 debora-ito

This issue is now closed.

Comments on closed issues are hard for our team to see. If you need more assistance, please open a new issue that references this one.

github-actions[bot] avatar Jun 18 '24 21:06 github-actions[bot]