aws-sdk-js icon indicating copy to clipboard operation
aws-sdk-js copied to clipboard

Published 20 hours ago verified publisher icon aws

authentication fails using access id/secret when STS is enabled

Open davehorton opened this issue 2 years ago • 2 comments

Describe the bug

I am authenticating to Polly like so:

// credentials: {accessKeyId, secretAccessKey, region}
const polly = new Polly(credentials);
polly.synthesizeSpeech(opts, (err, data) => {..

This has worked fine on lots of installs. Now I am running on an EC2 instance for a customer of mine that has activated STS. I find that this call above now fails with this stack trace:

"stack":"ConfigError: Missing region in config\n    
at Request.VALIDATE_REGION (/opt/app/node_modules/aws-sdk/lib/event_listeners.js:94:47)\n    
at Request.callListeners (/opt/app/node_modules/aws-sdk/lib/sequential_executor.js:106:20)\n    
at callNextListener (/opt/app/node_modules/aws-sdk/lib/sequential_executor.js:96:12)\n    
at /opt/app/node_modules/aws-sdk/lib/event_listeners.js:86:9\n    
at finish (/opt/app/node_modules/aws-sdk/lib/config.js:396:7)\n    
at /opt/app/node_modules/aws-sdk/lib/config.js:414:9\n    
at Credentials.get (/opt/app/node_modules/aws-sdk/lib/credentials.js:127:7)\n    
at getAsyncCredentials (/opt/app/node_modules/aws-sdk/lib/config.js:408:24)\n    
at Config.getCredentials (/opt/app/node_modules/aws-sdk/lib/config.js:428:9)\n    
at Request.VALIDATE_CREDENTIALS (/opt/app/node_modules/aws-sdk/lib/event_listeners.js:81:26)","code":"ConfigError","time":"2022-08-04T08:26:15.493Z"},"msg":"Error synthesizing tts"}

I can see that this error is burped from with the STS code in the library, here

I'm not quite clear on why this is not working. Basically, I have a valid (access key id, secret access key, region} tuple that was generated by another AWS account, and want to use them on this EC2 instance for Polly TTS, but it seems like somehow because STS is activated I can't. Does anyone have an idea why this is, or how to resolve it?

Expected Behavior

authentication using access key id, secret key, and region should work.

Current Behavior

it works, unless STS is enabled

Reproduction Steps

enable STS, attempt to authenticate to Polly with user credentials

Possible Solution

No response

Additional Information/Context

No response

SDK version used

2.1072.0

Environment details (OS name and version, etc.)

debian 10

davehorton avatar Aug 04 '22 17:08 davehorton

Hey @davehorton thanks for opening this issue, can you share how you are generating those credentials?

ajredniwja avatar Aug 08 '22 14:08 ajredniwja

yes, I am going into the AWS console for my account and:

  • selecting IAM service
  • selecting my user
  • selecting credentials
  • clicking "Create Access Key"

I then get the access key id and secret key from the downloaded csv. Those are the credentials that I am trying to use on my customer's EC2 instance (within an EKS cluster, on a different AWS account).

Notwithstanding the EC2 instance is in a different account, my access key/secret access key is valid and should work (or so I imagine)

davehorton avatar Aug 08 '22 14:08 davehorton

closing this ticket - this was a bug on my end (sorry!)

davehorton avatar Aug 12 '22 13:08 davehorton