New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
AWS Transcribe Streaming HTTP2 error message with WebToken #5958
Comments
Hi @MartinEmrich - thanks for reaching out and sorry to hear about the issue. While I investigate, I'd like to clarify how you're obtaining credentials on the code example that gave you the error since you mentioned you were able to workaround with |
@aBurmeseDev See above: I use an IAM Service Account within an EKS Cluster, which effectively is the web token auth. (EKS automatically injects the web token and sets the AWS_WEB_IDENTITY_TOKEN_FILE environment variable. Using any official AWS SDK, this works automatically without any extra code.) So to reproduce:
|
@MartinEmrich - thanks for getting back. Sorry if I wasn’t clear on my question but I was looking for your working vs non-working code to get more understanding of the issue. The more detailed information we can get, the faster we can debug and identify the root cause. Just to provide some background on the error: this protocol error can occur for a number of reasons, generally related to HTTP/2 communication issues. Here are a few that I narrowed down based on the information you provided:
If issue persists, please share more requested information so that I can further assist you. Best, |
This issue has not received a response in 1 week. If you still think there is a problem, please leave a comment to avoid the issue from automatically closing. |
Hello John! Sorry for the delay, I somehow overlooked your response. Again, my working vs. non-working code is in the original post, if you are missing a specific information, please be specific. The issue is not in the Transcribe client or server itself (actually, as I understand, transcribe not only supports, but actually requires HTTP/2 for streaming). The issue seems to be in the authentication step. My speculation: Your code example would do the opposite: force the Transcribe client to use the NodeHttp2Handler (which it seems to use already, as the Transcribe streaming works fine) I do not use any proxies or load balancers. There is nothing custom between the code and the AWS API endpoints; it runs in plain AWS EKS cluster with IAM service account in an AWS VPC. |
Checkboxes for prior research
Describe the bug
AWS Transcribe Streaming fails with errors like
SDK version number
@aws-sdk/client-transcribe-streaming 3.540.0
Which JavaScript Runtime is this issue in?
Node.js
Details of the browser/Node.js/ReactNative version
v20.5.1
Reproduction Steps
Use Transcribe Streaming from a service within an AWS EKS Kubernetes cluster with an IAM service account.
Observed Behavior
Running the service (in fact the same container image) locally (AWS SSO auth) or on an EC2 instance (IAM instance role) works as expected.
Running it on AWS EKS with an IAM service account (Token file authentication), the STSClient call made by the Transcribe client fails:
Expected Behavior
I expect it to work with IRSA just as with any other AWS API authentication method
Possible Solution
Inspired by the workaround in #2533, I got it working in a similar way, by explicitly creating the credential provider (in my case, the fromTokenFile provider):
Additional Information/Context
The text was updated successfully, but these errors were encountered: