MissingRegion on S3 GetObject in v1.25.18 #2909
Comments
I get this same issue using STS to make IAM calls. As an additional data point, some services (like Hashicorp Vault) use signed but unsubmitted
Best guess: a breaking change to the SDK API was made and tagged as a minor revision. |
Thanks for letting us know about this issue. Could you provide more information about how the passed in |
@AgentZombie What error is being returned from the |
I think we have an idea what is going on here; the following example easily reproduces the behavior change.

```go
client := sts.New(session.Must(session.NewSession()))
req, _ := client.GetCallerIdentityRequest(nil)
err := req.Sign()
fmt.Println("err", err)
```

On v1.25.17 Sign has no error, but fails with missing region on v1.25.18. |
The issue occurring prior to v1.25.18 is that the SDK was incorrectly allowing no region to be specified for the STS client. The SDK is supposed to require a region for all clients, but STS was escaping that validation due to a bug in how the SDK resolved the service's modeled endpoints. The behavior prior to v1.25.18 is definitely a bug in the SDK's endpoint resolver incorrectly resolving the global The best workaround for this issue without reverting to v1.25.17 is to specify the region for the STS client. We're investigating how best to cover the case where STS was usable without a region, even though one should have been required. |
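Why a region has to be settled before a request can be signed, as an added example that is not part of the thread or the SDK's own code: SigV4 folds the region into both the credential scope and the signing key, so a signed-but-unsubmitted request is bound to exactly one region. It uses only the Go standard library; `errMissingRegion`, the function names and the secret are constructed for illustration.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// errMissingRegion is a local stand-in for the SDK's MissingRegion failure.
var errMissingRegion = errors.New("MissingRegion: no signing region configured")

func hmacSHA256(key []byte, data string) []byte {
	m := hmac.New(sha256.New, key)
	m.Write([]byte(data))
	return m.Sum(nil)
}

// credentialScope builds the SigV4 scope "<date>/<region>/<service>/aws4_request".
// An empty region is rejected rather than silently signed.
func credentialScope(date, region, service string) (string, error) {
	if region == "" {
		return "", errMissingRegion
	}
	return date + "/" + region + "/" + service + "/aws4_request", nil
}

// signingKey derives the SigV4 key; each HMAC step folds in one scope element.
func signingKey(secret, date, region, service string) (string, error) {
	if _, err := credentialScope(date, region, service); err != nil {
		return "", err
	}
	k := hmacSHA256([]byte("AWS4"+secret), date)
	k = hmacSHA256(k, region)
	k = hmacSHA256(k, service)
	k = hmacSHA256(k, "aws4_request")
	return hex.EncodeToString(k), nil
}

func main() {
	const secret = "EXAMPLE-SECRET-NOT-A-REAL-KEY" // constructed sample value
	for _, region := range []string{"us-east-1", "eu-west-1", ""} {
		key, err := signingKey(secret, "20191028", region, "sts")
		fmt.Printf("region=%q key=%s err=%v\n", region, key, err)
	}
}
```

The two non-empty regions yield different keys for the same secret, date and service, which is why a receiver replaying a presigned STS request has to use the region it was signed for.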
I wasn't catching the My session being passed in:
where:
|
Thanks, our code is now working in v1.25.18 and v1.25.19 with this change: - creds := stscreds.NewCredentials(session.Must(session.NewSession()), arn)
+ creds := stscreds.NewCredentials(session.Must(session.NewSession(&aws.Config{
+ Region: aws.String(region),
+ })), arn) |
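Review bot: `aws.String(region)` in the added `aws.Config` is passed without any check that `region` is non-empty, so an empty value would leave the session without a region and bring back the same MissingRegion failure this change works around. Validate `region` before building the session and fail with a clear message if it is unset. Separately, `session.Must` panics when `NewSession` returns an error, so consider handling that error explicitly instead of wrapping the call.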
Can confirm my issue is resolved using
|
Thanks for the update. This exposed a behavior bug in the SDK's resolving of endpoints for multiple services. Specifically, the SDK will attempt to resolve "global" AWS services without a region also being specified. We're investigating the best way to resolve this issue. |
Fixes the SDK's behavior when attempting to resolve a service's endpoint when no region was provided. Adds legacy support for services that were able to resolve a valid endpoint. No new service will support resolving an endpoint without a region. Fixes aws#2909
Thanks for reporting this issue. I've merged in #2911 fixing the SDK's behavior with regard to empty region when resolving service endpoints. This change preserved the SDK's behavior for clients that successfully returned an endpoint even though no region was provided. For all other services, a more useful error message is logged. This change will be included in the SDK's next tagged release. |
Release v1.25.20 (2019-10-28)
===

### Service Client Updates
* `service/ecr`: Updates service API, documentation, and paginators
  * This release of Amazon Elastic Container Registry Service (Amazon ECR) introduces support for image scanning. This identifies the software vulnerabilities in the container image based on the Common Vulnerabilities and Exposures (CVE) database.
* `service/elasticache`: Updates service API and documentation
  * Amazon ElastiCache adds support for migrating Redis workloads hosted on Amazon EC2 into ElastiCache by syncing the data between the source Redis cluster and target ElastiCache for Redis cluster in real time. For more information, see https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/migrate-to-elasticache.html.
* `service/transfer`: Updates service API and documentation
  * This release adds logical directories support to your AWS SFTP server endpoint, so you can now create logical directory structures mapped to Amazon Simple Storage Service (Amazon S3) bucket paths for users created and stored within the service. Amazon S3 bucket names and paths can now be hidden from AWS SFTP users, providing an additional level of privacy to meet security requirements. You can lock down your SFTP users' access to designated folders (commonly referred to as 'chroot'), and simplify complex folder structures for data distribution through SFTP without replicating files across multiple users.

### SDK Enhancements
* `aws/client`: Add PartitionID to Config ([#2902](#2902))
* `aws/client/metadata`: Add PartitionID to ClientInfo ([#2902](#2902))
* `aws/endpoints`: Add PartitionID to ResolvedEndpoint ([#2902](#2902))

### SDK Bugs
* `aws/endpoints`: Fix resolve endpoint with empty region ([#2911](#2911))
  * Fixes the SDK's behavior when attempting to resolve a service's endpoint when no region was provided. Adds legacy support for services that were able to resolve a valid endpoint. No new service will support resolving an endpoint without a region.
  * Fixes [#2909](#2909)
Release v0.18.0 (2019-12-12)
===

Services
---
* Synced the V2 SDK with latest AWS service API definitions.

SDK Bugs
---
* `aws/endpoints`: aws/endpoints: Fix SDK resolving endpoint without region ([#420](#420))
  * Fixes the SDK's endpoint resolve incorrectly resolving endpoints for a service when the region is empty. Also fixes the SDK attempting to resolve a service when the service value is empty.
  * Related to [aws/aws-sdk-go#2909](aws/aws-sdk-go#2909)
Version of AWS SDK for Go?
v1.25.18
Version of Go (`go version`)?
go version go1.13.3 darwin/amd64
What issue did you see?
Steps to reproduce
This works in release v1.25.17, but not in v1.25.18. How do we adjust our code for the new release?