Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Unable to authenticate using AWS Account with MFA enabled #2356

Open
meyuviofficial opened this issue Nov 8, 2023 · 6 comments
Open

Unable to authenticate using AWS Account with MFA enabled #2356

meyuviofficial opened this issue Nov 8, 2023 · 6 comments
Assignees
@RanVaknin
Labels
bug This issue is a bug. investigating This issue is being investigated and/or work is in progress to resolve the issue. p2 This is a standard priority issue

Comments

@meyuviofficial
Copy link

Describe the bug

I'm trying to authenticate to an AWS account that has MFA enabled. But, I'm not able to do so because it's throwing error. Also, I'm not getting any examples or clear documentation for performing it.

I'm following the example mentioned in the official docs.

// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
// SPDX - License - Identifier: Apache - 2.0
// snippet-start:[sts.go-v2.AssumeRole]
package main

import (
	"context"
	"fmt"

	"github.com/aws/aws-sdk-go-v2/config"
	"github.com/aws/aws-sdk-go-v2/service/sts"
)

// STSAssumeRoleAPI defines the interface for the AssumeRole function.
// We use this interface to test the function using a mocked service.
type STSAssumeRoleAPI interface {
	AssumeRole(ctx context.Context,
		params *sts.AssumeRoleInput,
		optFns ...func(*sts.Options)) (*sts.AssumeRoleOutput, error)
}

// TakeRole gets temporary security credentials to access resources.
// Inputs:
//
//	c is the context of the method call, which includes the AWS Region.
//	api is the interface that defines the method call.
//	input defines the input arguments to the service call.
//
// Output:
//
//	If successful, an AssumeRoleOutput object containing the result of the service call and nil.
//	Otherwise, nil and an error from the call to AssumeRole.
func TakeRole(c context.Context, api STSAssumeRoleAPI, input *sts.AssumeRoleInput) (*sts.AssumeRoleOutput, error) {
	return api.AssumeRole(c, input)
}

func main() {
	roleARN := "arn:aws:iam::<AccountId>:role/<RoleName>"
	sessionName := "<SessionName>"
	serialNumber := "arn:aws:iam::<AccountId>:mfa/<DeviceName>"

	cfg, err := config.LoadDefaultConfig(context.TODO())
	if err != nil {
		panic("configuration error, " + err.Error())
	}

	client := sts.NewFromConfig(cfg)

	input := &sts.AssumeRoleInput{
		RoleArn:         &roleARN,
		RoleSessionName: &sessionName,
		SerialNumber:    &serialNumber,
		DurationSeconds: &[]int32{3600}[0],
		TokenCode:       &[]string{"<MFA Code>"}[0],
	}

	result, err := TakeRole(context.TODO(), client, input)
	if err != nil {
		fmt.Println("Got an error assuming the role:")
		fmt.Println(err)
		return
	}

	fmt.Println(result.AssumedRoleUser)
}

// snippet-end:[sts.go-v2.AssumeRole]

But, I'm not able to authenticate and I'm getting the below error always despite passing the MFA code.

Got an error assuming the role:
operation error STS: AssumeRole, https response error StatusCode: 403, RequestID: d93830fb-f92e-4cdb-806f-cfdf116a6cef, api error InvalidClientTokenId: The security token included in the request is invalid.

Expected Behavior

Successfully authenticated to the AWS account.

Current Behavior

I'm not able to authenticate and I'm getting the below error always despite passing the MFA code.

Got an error assuming the role:
operation error STS: AssumeRole, https response error StatusCode: 403, RequestID: d93830fb-f92e-4cdb-806f-cfdf116a6cef, api error InvalidClientTokenId: The security token included in the request is invalid.

Reproduction Steps

  • Use AWS SDK for Go (v2)
  • Try to authenticate to an AWS account that has MFA enabled.

Possible Solution

  • Please try to include documentation in the official docs which is missing as of now.

Additional Information/Context

No response

AWS Go SDK V2 Module Versions Used

aws-auth github.com/aws/aws-sdk-go-v2@v1.22.1
aws-auth github.com/aws/aws-sdk-go-v2/config@v1.22.2
aws-auth github.com/aws/aws-sdk-go-v2/credentials@v1.15.1
aws-auth github.com/aws/aws-sdk-go-v2/feature/ec2/imds@v1.14.2
aws-auth github.com/aws/aws-sdk-go-v2/internal/configsources@v1.2.1
aws-auth github.com/aws/aws-sdk-go-v2/internal/endpoints/v2@v2.5.1
aws-auth github.com/aws/aws-sdk-go-v2/internal/ini@v1.5.1
aws-auth github.com/aws/aws-sdk-go-v2/service/internal/presigned-url@v1.10.1
aws-auth github.com/aws/aws-sdk-go-v2/service/sso@v1.17.0
aws-auth github.com/aws/aws-sdk-go-v2/service/ssooidc@v1.19.0
aws-auth github.com/aws/aws-sdk-go-v2/service/sts@v1.25.0
aws-auth github.com/aws/smithy-go@v1.16.0
aws-auth go@1.21.3
github.com/aws/aws-sdk-go-v2@v1.22.1 github.com/aws/smithy-go@v1.16.0
github.com/aws/aws-sdk-go-v2@v1.22.1 github.com/google/go-cmp@v0.5.8
github.com/aws/aws-sdk-go-v2@v1.22.1 github.com/jmespath/go-jmespath@v0.4.0
github.com/aws/aws-sdk-go-v2/config@v1.22.2 github.com/aws/aws-sdk-go-v2@v1.22.1
github.com/aws/aws-sdk-go-v2/config@v1.22.2 github.com/aws/aws-sdk-go-v2/credentials@v1.15.1
github.com/aws/aws-sdk-go-v2/config@v1.22.2 github.com/aws/aws-sdk-go-v2/feature/ec2/imds@v1.14.2
github.com/aws/aws-sdk-go-v2/config@v1.22.2 github.com/aws/aws-sdk-go-v2/internal/ini@v1.5.1
github.com/aws/aws-sdk-go-v2/config@v1.22.2 github.com/aws/aws-sdk-go-v2/service/sso@v1.17.0
github.com/aws/aws-sdk-go-v2/config@v1.22.2 github.com/aws/aws-sdk-go-v2/service/ssooidc@v1.19.0
github.com/aws/aws-sdk-go-v2/config@v1.22.2 github.com/aws/aws-sdk-go-v2/service/sts@v1.25.0
github.com/aws/aws-sdk-go-v2/config@v1.22.2 github.com/aws/smithy-go@v1.16.0
github.com/aws/aws-sdk-go-v2/config@v1.22.2 github.com/google/go-cmp@v0.5.8
github.com/aws/aws-sdk-go-v2/config@v1.22.2 github.com/aws/aws-sdk-go-v2/internal/configsources@v1.2.1
github.com/aws/aws-sdk-go-v2/config@v1.22.2 github.com/aws/aws-sdk-go-v2/internal/endpoints/v2@v2.5.1
github.com/aws/aws-sdk-go-v2/config@v1.22.2 github.com/aws/aws-sdk-go-v2/service/internal/presigned-url@v1.10.1
github.com/aws/aws-sdk-go-v2/credentials@v1.15.1 github.com/aws/aws-sdk-go-v2@v1.22.1
github.com/aws/aws-sdk-go-v2/credentials@v1.15.1 github.com/aws/aws-sdk-go-v2/feature/ec2/imds@v1.14.2
github.com/aws/aws-sdk-go-v2/credentials@v1.15.1 github.com/aws/aws-sdk-go-v2/service/sso@v1.17.0
github.com/aws/aws-sdk-go-v2/credentials@v1.15.1 github.com/aws/aws-sdk-go-v2/service/ssooidc@v1.19.0
github.com/aws/aws-sdk-go-v2/credentials@v1.15.1 github.com/aws/aws-sdk-go-v2/service/sts@v1.25.0
github.com/aws/aws-sdk-go-v2/credentials@v1.15.1 github.com/aws/smithy-go@v1.16.0
github.com/aws/aws-sdk-go-v2/credentials@v1.15.1 github.com/google/go-cmp@v0.5.8
github.com/aws/aws-sdk-go-v2/credentials@v1.15.1 github.com/aws/aws-sdk-go-v2/internal/configsources@v1.2.1
github.com/aws/aws-sdk-go-v2/credentials@v1.15.1 github.com/aws/aws-sdk-go-v2/internal/endpoints/v2@v2.5.1
github.com/aws/aws-sdk-go-v2/credentials@v1.15.1 github.com/aws/aws-sdk-go-v2/service/internal/presigned-url@v1.10.1
github.com/aws/aws-sdk-go-v2/feature/ec2/imds@v1.14.2 github.com/aws/aws-sdk-go-v2@v1.22.1
github.com/aws/aws-sdk-go-v2/feature/ec2/imds@v1.14.2 github.com/aws/smithy-go@v1.16.0
github.com/aws/aws-sdk-go-v2/feature/ec2/imds@v1.14.2 github.com/google/go-cmp@v0.5.8
github.com/aws/aws-sdk-go-v2/internal/configsources@v1.2.1 github.com/aws/aws-sdk-go-v2@v1.22.1
github.com/aws/aws-sdk-go-v2/internal/configsources@v1.2.1 github.com/aws/smithy-go@v1.16.0
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2@v2.5.1 github.com/aws/aws-sdk-go-v2@v1.22.1
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2@v2.5.1 github.com/aws/smithy-go@v1.16.0
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2@v2.5.1 github.com/google/go-cmp@v0.5.8
github.com/aws/aws-sdk-go-v2/internal/ini@v1.5.1 github.com/aws/aws-sdk-go-v2@v1.22.1
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url@v1.10.1 github.com/aws/aws-sdk-go-v2@v1.22.1
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url@v1.10.1 github.com/aws/smithy-go@v1.16.0
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url@v1.10.1 github.com/google/go-cmp@v0.5.8
github.com/aws/aws-sdk-go-v2/service/sso@v1.17.0 github.com/aws/aws-sdk-go-v2@v1.22.1
github.com/aws/aws-sdk-go-v2/service/sso@v1.17.0 github.com/aws/aws-sdk-go-v2/internal/configsources@v1.2.1
github.com/aws/aws-sdk-go-v2/service/sso@v1.17.0 github.com/aws/aws-sdk-go-v2/internal/endpoints/v2@v2.5.1
github.com/aws/aws-sdk-go-v2/service/sso@v1.17.0 github.com/aws/smithy-go@v1.16.0
github.com/aws/aws-sdk-go-v2/service/sso@v1.17.0 github.com/google/go-cmp@v0.5.8
github.com/aws/aws-sdk-go-v2/service/ssooidc@v1.19.0 github.com/aws/aws-sdk-go-v2@v1.22.1
github.com/aws/aws-sdk-go-v2/service/ssooidc@v1.19.0 github.com/aws/aws-sdk-go-v2/internal/configsources@v1.2.1
github.com/aws/aws-sdk-go-v2/service/ssooidc@v1.19.0 github.com/aws/aws-sdk-go-v2/internal/endpoints/v2@v2.5.1
github.com/aws/aws-sdk-go-v2/service/ssooidc@v1.19.0 github.com/aws/smithy-go@v1.16.0
github.com/aws/aws-sdk-go-v2/service/ssooidc@v1.19.0 github.com/google/go-cmp@v0.5.8
github.com/aws/aws-sdk-go-v2/service/sts@v1.25.0 github.com/aws/aws-sdk-go-v2@v1.22.1
github.com/aws/aws-sdk-go-v2/service/sts@v1.25.0 github.com/aws/aws-sdk-go-v2/internal/configsources@v1.2.1
github.com/aws/aws-sdk-go-v2/service/sts@v1.25.0 github.com/aws/aws-sdk-go-v2/internal/endpoints/v2@v2.5.1
github.com/aws/aws-sdk-go-v2/service/sts@v1.25.0 github.com/aws/aws-sdk-go-v2/service/internal/presigned-url@v1.10.1
github.com/aws/aws-sdk-go-v2/service/sts@v1.25.0 github.com/aws/smithy-go@v1.16.0
github.com/aws/aws-sdk-go-v2/service/sts@v1.25.0 github.com/google/go-cmp@v0.5.8
github.com/aws/smithy-go@v1.16.0 github.com/google/go-cmp@v0.5.8
go@1.21.3 toolchain@go1.21.3

Compiler and Version used

go version go1.21.3 darwin/arm64

Operating System and version

Mac OS - Ventura - 13.6.1
@meyuviofficial meyuviofficial added bug This issue is a bug. needs-triage This issue or PR still needs to be triaged. labels Nov 8, 2023
@RanVaknin RanVaknin self-assigned this Nov 21, 2023
@cristim
Copy link

cristim commented Dec 4, 2023

I noticed something similar, may or may not be the same issue.

In my case the user and its MFA are defined in an account aaaaaaaaaaaaa and the assumed role is in another account, bbbbbbbbbbbb.

cfg, err := config.LoadDefaultConfig(context.TODO(),
	config.WithRegion(region),
)
if err != nil {
	log.Println("Error loading configuration profile:", err.Error())
}

gives Error loading configuration profile: assume role with MFA enabled, but AssumeRoleTokenProvider session option not set.

My AWS config looks like this, and it works well with AWS CLI:

[profile my-profile]
source_profile = users
role_arn=arn:aws:iam::bbbbbbbbbbbb:role/MyAssumedRole
mfa_serial = arn:aws:iam::aaaaaaaaaaaaa:mfa/my-mfa
region=us-east-1

@RanVaknin
Copy link
Contributor

Hi @yuvarajselva .

Thank your for your patience. Admittedly I've never used this flow before, so this took some time to try and reproduce.
Unfortunately Im not able to replicate the error. Im able to successfully use the MFA token to assume a role.

Here is my setup for comparison:

main.go:

package main

import (
	"context"
	"log"

	"github.com/aws/aws-sdk-go-v2/aws"
	"github.com/aws/aws-sdk-go-v2/config"
	"github.com/aws/aws-sdk-go-v2/service/sts"
)

func main() {
	cfg, err := config.LoadDefaultConfig(context.TODO(),
		config.WithClientLogMode(aws.LogRequestWithBody|aws.LogResponseWithBody),
		config.WithSharedConfigProfile("RanVakMfa"),
	)
	if err != nil {
		log.Fatalf("unable to load SDK config, %v", err)
	}

	stsClient := sts.NewFromConfig(cfg)
	roleArn := "arn:aws:iam::REDACTED:role/mfa-role"
	mfaSerialNumber := "arn:aws:iam::REDACTED:mfa/Pixel7"
	tokenCode := "123456" // 6 digit code supplied by google Authenticator app

	assumeRoleInput := &sts.AssumeRoleInput{
		RoleArn:         &roleArn,
		RoleSessionName: aws.String("session-name"),
		SerialNumber:    &mfaSerialNumber,
		TokenCode:       &tokenCode,
	}
	out, err := stsClient.AssumeRole(context.TODO(), assumeRoleInput)
	if err != nil {
		log.Fatalf("unable to assume role, %v", err)
	}

	fmt.Println(*out.AssumedRoleUser.Arn) // logs arn:aws:sts::REDACTED:assumed-role/mfa-role/session-name

aws.config:

[profile RanVakMfa]
region = us-east-1
output = json
mfa_serial = arn:aws:iam::REDACTED:mfa/Pixel7

aws.credentials:

[RanVak]
aws_access_key_id = REDACTED
aws_secret_access_key = REDACTED

Using the CLI I can quickly inspect my role and the the assume role policy document attached to it.

$ aws iam get-role --role-name mfa-role  
{
    "Role": {
        "Path": "/",
        "RoleName": "mfa-role",
        "RoleId": "REDACTED",
        "Arn": "arn:aws:iam::REDACTED:role/mfa-role",
        "CreateDate": "2023-12-06T00:22:58+00:00",
        "AssumeRolePolicyDocument": {
            "Version": "2012-10-17",
            "Statement": [
                {
                    "Effect": "Allow",
                    "Principal": {
                        "AWS": "arn:aws:iam::REDACTED:user/RanVak"
                    },
                    "Action": "sts:AssumeRole",
                    "Condition": {
                        "Bool": {
                            "aws:MultiFactorAuthPresent": "true"
                        }
                    }
                }
            ]
        },
        "MaxSessionDuration": 3600,
        "RoleLastUsed": {}
    }
}

My IAM user has MFA enabled and Google Authenticator on my actual mobile phone configured to be the MFA provider:
image

Raw Request and response logs:

SDK 2023/12/05 17:14:49 DEBUG Request
POST / HTTP/1.1
Host: sts.us-east-1.amazonaws.com
User-Agent: aws-sdk-go-v2/1.23.1 os/macos lang/go#1.19.1 md/GOOS#darwin md/GOARCH#arm64 api/sts#1.25.4
Content-Length: 204
Amz-Sdk-Invocation-Id: REDACTED
Amz-Sdk-Request: attempt=1; max=3
Authorization: AWS4-HMAC-SHA256 Credential={{aws_access_key_id of user RanVak}}/20231206/us-east-1/sts/aws4_request, SignedHeaders=amz-sdk-invocation-id;content-length;content-type;host;x-amz-date, Signature=REDACTED
Content-Type: application/x-www-form-urlencoded
X-Amz-Date: 20231206T011449Z
Accept-Encoding: gzip

Action=AssumeRole&
RoleArn=arn:aws:iam::REDACTED:role/mfa-role&
RoleSessionName=session-name&
SerialNumber=arn:aws:iam::REDACTED:mfa/Pixel7&
TokenCode=REDACTED&
Version=2011-06-15


SDK 2023/12/05 17:14:49 DEBUG Response
HTTP/1.1 200 OK
Content-Length: 1443
Content-Type: text/xml
Date: Wed, 06 Dec 2023 01:14:49 GMT
X-Amzn-Requestid: REDACTED

<AssumeRoleResponse xmlns="https://sts.amazonaws.com/doc/2011-06-15/">
  <AssumeRoleResult>
    <AssumedRoleUser>
      <AssumedRoleId>REDACTED:session-name</AssumedRoleId>
      <Arn>arn:aws:sts::REDACTED:assumed-role/mfa-role/session-name</Arn>
    </AssumedRoleUser>
    <Credentials>
      <AccessKeyId>REDACTED</AccessKeyId>
      <SecretAccessKey>REDACTED</SecretAccessKey>
      <SessionToken>REDACTED</SessionToken>
      <Expiration>2023-12-06T02:14:50Z</Expiration>
    </Credentials>
  </AssumeRoleResult>
  <ResponseMetadata>
    <RequestId>REDACTED</RequestId>
  </ResponseMetadata>
</AssumeRoleResponse>
arn:aws:sts::REDACTED:assumed-role/mfa-role/session-name

My guess is that one of the steps was not done correctly, or you did not setup your authentication device correctly.
Can you please go over my code, and setup and see if it matches yours? Additionally, my code enables the raw request and response logger. You can use that to get an idea of the values you are sending over the wire and see at which part your application fails.

The part I see you were missing is to instruct the SDK to use a specific profile from your config file, but maybe you are doing so from an environment variable that is not visible in your code?

Thanks again,
Ran~

@RanVaknin RanVaknin added response-requested Waiting on additional info and feedback. Will move to "closing-soon" in 7 days. p2 This is a standard priority issue and removed needs-triage This issue or PR still needs to be triaged. labels Dec 6, 2023
@cristim
Copy link

cristim commented Dec 7, 2023

In my setup I didn't specify the MFA serial in the Go code, since I had it in my profile.

And I think most people use profiles set in the environment rather than hardcoding them in code anyway.

So my code was something like this:

func connectEC2(region string) (*ec2.Client, error) {
        cfg, err := config.LoadDefaultConfig(context.TODO(),
		config.WithRegion(region),
	)
	if err != nil {
		log.Println("Error loading configuration profile:", err.Error())
		return nil, err
	}

	return ec2.NewFromConfig(cfg), nil
}

And got errors with a profile that has both mfa_serial and another source_profile assumed with IAM role

[profile test]
source_profile = default
role_arn = arn:aws:iam::xxxxxxx:role/DeveloperAccess
mfa_serial = arn:aws:iam::yyyyyyy:mfa/mfa

As a workaround I built this alternative MFA tool that runs as a credentials provider for my profile:
https://github.com/LeanerCloud/assume_role_with_mfa

@github-actions github-actions bot removed the response-requested Waiting on additional info and feedback. Will move to "closing-soon" in 7 days. label Dec 8, 2023
@meyuviofficial
Copy link
Author

Hi @RanVaknin,
Thanks for picking this up. I have tried your code but I'm getting the same error as before.

My Code:

package main

import (
	"context"
	"fmt"
	"log"
	"github.com/aws/aws-sdk-go-v2/aws"
	"github.com/aws/aws-sdk-go-v2/config"
	"github.com/aws/aws-sdk-go-v2/service/sts"
)

func main() {
	cfg, err := config.LoadDefaultConfig(context.TODO(),
		config.WithClientLogMode(aws.LogRequestWithBody|aws.LogResponseWithBody),
		config.WithSharedConfigProfile("sdu-dev-infra"),
	)
	if err != nil {
		log.Fatalf("unable to load SDK config, %v", err)
	}

	stsClient := sts.NewFromConfig(cfg)
	roleArn := "arn:aws:iam::765139991506:role/bea-platform-sre-iam-role"
	mfaSerialNumber := "arn:aws:iam::393751483396:mfa/Yuvi-Mobile"
	tokenCode := "022049" // 6 digit code supplied by google Authenticator app

	assumeRoleInput := &sts.AssumeRoleInput{
		RoleArn:         &roleArn,
		RoleSessionName: aws.String("session-name"),
		SerialNumber:    &mfaSerialNumber,
		TokenCode:       &tokenCode,
	}
	out, err := stsClient.AssumeRole(context.TODO(), assumeRoleInput)
	if err != nil {
		log.Fatalf("unable to assume role, %v", err)
	}

	fmt.Println(*out.AssumedRoleUser.Arn) // logs arn:aws:sts::REDACTED:assumed-role/mfa-role/session-name
}

Error Message:

2023/12/11 15:53:57 unable to load SDK config, assume role with MFA enabled, but AssumeRoleTokenProvider session option not set.
exit status 1

AWS Config

[profile PARENT]
region = us-east-1
mfa_serial = arn:aws:iam::ACCOUNT_NUMBER:mfa/MY_DEVICE

[profile CHILD]
region = eu-west-1
role_arn = arn:aws:iam::ROLE_NUMBER:role/ROLE_NAME
mfa_serial = arn:aws:iam::ACCOUNT_NUMBER:mfa/MY_DEVICE
source_profile = PARENT

As you can see, I'm trying to login to the CHILD Profile as mentioned above where our resources are provisioned. These child profiles are nothing but child accounts used as DTAP environments (DEV, TST, PROD etc.)

This setup works perfectly fine in Python Boto3 and AWS CLI whereas the issue only lies with Go Lang SDK v2. Not sure, whether it works in v1. I haven't tried it yet.

AWS CREDENTIALS

cat ~/.aws/credentials

[PARENT]
aws_access_key_id = REDACTED
aws_secret_access_key = REDACTED

AWS CLI

I also tested with AWS CLI as you mentioned but I passed the profile along with it. And, it worked perfectly fine.

aws iam get-role --role-name $role_name --profile $profile
{
    "Role": {
        "Path": "/",
        "RoleName": "ROLE_NAME",
        "RoleId": "ROLE_ID",
        "Arn": "arn:aws:iam::ROLE_NUMBER:role/ROLE_NAME",
        "CreateDate": "YYYY-MM-DDTHH:MM:SS+00:00",
        "AssumeRolePolicyDocument": {
            "Version": "2012-10-17",
            "Statement": [
                {
                    "Sid": "idassume",
                    "Effect": "Allow",
                    "Principal": {
                        "AWS": "arn:aws:iam::ACCOUNT_NUMBER:root"
                    },
                    "Action": "sts:AssumeRole",
                    "Condition": {
                        "Bool": {
                            "aws:MultiFactorAuthPresent": "true"
                        }
                    }
                }
            ]
        },
        "Description": "ROLE DESCRIPTION",
        "MaxSessionDuration": 3600,
        "RoleLastUsed": {
            "LastUsedDate": "YYYY-MM-DDTHH:MM:SS+00:00",
            "Region": "eu-west-1"
        }
    }
}

PYTHON BOTO3

The same above setup works fine with boto3 as well using the below code.

# aws_service.py

import boto3
from botocore.config import Config


class aws_service:
    def __init__(self, service, region, profile):
        self.session = boto3.Session(profile_name=profile, region_name=region)
        self.client = self.session.client(
            service_name=service,
            config=Config(retries=dict(max_attempts=10, mode="standard")),
        )

The above python method can be called and it is working like a charm.

@meyuviofficial
Copy link
Author

Do you have any updates on this?

@meyuviofficial
Copy link
Author

Hi Team,
Do you have any updates on this?

@RanVaknin RanVaknin added the investigating This issue is being investigated and/or work is in progress to resolve the issue. label Apr 25, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@RanVaknin RanVaknin

Labels
bug This issue is a bug. investigating This issue is being investigated and/or work is in progress to resolve the issue. p2 This is a standard priority issue
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@cristim @meyuviofficial @RanVaknin