ex_aws icon indicating copy to clipboard operation
ex_aws copied to clipboard
verified publisher icon ex-aws

2.3.3 — `ExAws.STS.AuthCache.AssumeRoleWebIdentityAdapter` Fails in China

Open kyleVsteger opened this issue 3 years ago • 2 comments

Environment

  • Elixir & Erlang versions (elixir --version):
Erlang/OTP 24 [erts-12.3.2] [source] [64-bit] [smp:10:10] [ds:10:10:10] [async-threads:1]
Elixir 1.13.4 (compiled with Erlang/OTP 22)
  • ExAws version mix deps |grep ex_aws
* ex_aws (Hex package) (mix)
  locked at 2.3.3 (ex_aws) 140f65eb
* ex_aws_s3 (Hex package) (mix)
  locked at 2.3.3 (ex_aws_s3) 0044f0b6
* ex_aws_sts (Hex package) (mix)
  locked at 2.3.0 (ex_aws_sts) f14e4c7d
  • HTTP client version. IE for hackney do mix deps | grep hackney
* hackney 1.18.1 (Hex package) (rebar3)
  locked at 1.18.1 (hackney) a4ecdaff

Summary

I was unable to authenticate using the ExAws.STS.AuthCache.AssumeRoleWebIdentityAdapter in cn-northwest-1 after updating from 2.2.10 -> 2.3.3.

Current behavior

Config

config :ex_aws,
  access_key_id: [
    {:system, "AWS_ACCESS_KEY_ID"},
    {:awscli, "myprofile", 30},
    :instance_role
  ],
  secret_access_key: [
    {:system, "AWS_SECRET_ACCESS_KEY"},
    {:awscli, "myprofile", 30},
    :instance_role
  ],
  awscli_auth_adapter: ExAws.STS.AuthCache.AssumeRoleWebIdentityAdapter,
  region: "cn-northwest-1"

Stacktrace

** (exit) exited in: GenServer.call(ExAws.Config.AuthCache, {:refresh_awscli_config, "myprofile", 30000}, 30000)
    ** (EXIT) an exception was raised:
        ** (RuntimeError) sso not found in partition aws-cn
            (ex_aws 2.3.3) lib/ex_aws/config/defaults.ex:175: ExAws.Config.Defaults.fetch_or/3
            (ex_aws 2.3.3) lib/ex_aws/config/defaults.ex:147: ExAws.Config.Defaults.do_host/3
            (ex_aws 2.3.3) lib/ex_aws/config/defaults.ex:89: ExAws.Config.Defaults.get/2
            (ex_aws 2.3.3) lib/ex_aws/config.ex:70: ExAws.Config.build_base/2
            (ex_aws 2.3.3) lib/ex_aws/config.ex:54: ExAws.Config.http_config/2
            (ex_aws 2.3.3) lib/ex_aws/credentials_ini/file.ex:15: ExAws.CredentialsIni.File.security_credentials/1
            (ex_aws 2.3.3) lib/ex_aws/config.ex:158: ExAws.Config.awscli_auth_credentials/2
            (ex_aws 2.3.3) lib/ex_aws/config/auth_cache.ex:65: ExAws.Config.AuthCache.refresh_awscli_config/3

Expected behavior

Authentication should work in the China region as it did in previous releases.

Thanks @bernardd! Please let me know if you need any other info!

kyleVsteger avatar Jul 13 '22 12:07 kyleVsteger

Hi @kyleVsteger - apologies this took so long. Life happened etc etc, and also it wasn't quite the trivial fix I thought it might have been. If you can try v2.3.4 and let me know if it resolves this, that would be great, thanks.

bernardd avatar Aug 17 '22 01:08 bernardd

I'll put this on my list of things to check during our cooldown cycle. Thanks @bernardd!

kyleVsteger avatar Aug 25 '22 14:08 kyleVsteger