amazon-transcribe-streaming-sdk icon indicating copy to clipboard operation
amazon-transcribe-streaming-sdk copied to clipboard

Published 20 hours ago verified publisher icon awslabs

SDK unable to use IAM credentials

Open anshitmt opened this issue 5 years ago • 9 comments

This is more of a question than an issue. While the examples mentioned on the page work when I give provide access key and secret key via environment variable, it does not when I only assign IAM to the machine. I get the following error in the latter case:

[dev] File "/usr/local/lib/python3.7/site-packages/amazon_transcribe/client.py", line 90, in start_stream_transcription [dev] creds = await self._credential_resolver.get_credentials() [dev] File "/usr/local/lib/python3.7/site-packages/amazon_transcribe/auth.py", line 45, in get_credentials [dev] credentials = await asyncio.wrap_future(self._crt_resolver.get_credentials()) [dev] awscrt.exceptions.AwsCrtError: AwsCrtError(name='AWS_AUTH_CREDENTIALS_PROVIDER_IMDS_SOURCE_FAILURE', message='Valid credentials could not be sourced by the IMDS provider', code=6154)

I would like to understand if it is an expected product behaviour.

anshitmt avatar Sep 01 '20 10:09 anshitmt

it does not when I only assign IAM to the machine

Can you be a little more specific about your setup? Are you running this on EC2, ECR, Codebuild, etc?

joguSD avatar Sep 01 '20 17:09 joguSD

I am running my code inside a docker container (pod) on a Kubernetes setup, which runs on a EC2 machine. We use kiam library to assign IAM roles to pods.

When I ssh into my pod, I am able to see the correct IAM role attached to my pod. I am also able to access other AWS services like S3 from the same pod, but when I use this SDK, I get the error mentioned in my previous post.

anshitmt avatar Sep 02 '20 09:09 anshitmt

same

Eittipat avatar May 23 '21 09:05 Eittipat

I have the same issue, running the aws-transcribe-streaming-sdk in Docker. But when running my app outside of docker, it works (that means the aws service and IAM credentials are working).

DaaS-20xx avatar Sep 23 '21 10:09 DaaS-20xx

I also have the same issue.

Topcode111 avatar Oct 05 '21 12:10 Topcode111

Same one here! Doesn't work inside a Kubernetes POD. Can we expect that this will be fixed?

parikls avatar Oct 07 '21 15:10 parikls

Same problem on Raspberry pi: File "/home/pi/.local/lib/python3.9/site-packages/amazon_transcribe/auth.py", line 45, in get_credentials credentials = await asyncio.wrap_future(self._crt_resolver.get_credentials()) awscrt.exceptions.AwsCrtError: AWS_AUTH_CREDENTIALS_PROVIDER_IMDS_SOURCE_FAILURE: Valid credentials could not be sourced by the IMDS provider

cderinbogaz avatar Dec 04 '21 15:12 cderinbogaz

I'm getting the same error when authenticating with SSO. To get around it I use boto3 to fetch the credentials and then set the related environment variables.

import os
import boto3

credentials = boto3.Session().get_credentials()

os.environ["AWS_ACCESS_KEY_ID"] = credentials.access_key
os.environ["AWS_SECRET_ACCESS_KEY"] = credentials.secret_key
os.environ["AWS_SESSION_TOKEN"] = credentials.token

dejohansson avatar Aug 14 '23 12:08 dejohansson

This is still an issue..

riccardobucco avatar Jun 13 '24 08:06 riccardobucco