Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bad Credentials retrieved in Fargate Container #4040

Open
tyliggity opened this issue Mar 1, 2024 · 0 comments
Open

Bad Credentials retrieved in Fargate Container #4040

tyliggity opened this issue Mar 1, 2024 · 0 comments
Labels
bug This issue is a confirmed bug. needs-triage This issue or PR still needs to be triaged.

Comments

@tyliggity
Copy link

tyliggity commented Mar 1, 2024
edited

Describe the bug

I have a Fargate Task container where it cannot do basic S3 and STS operations with the credentials that boto3 is using. I have confirmed that the Task has a Task Role with the appropriate permissions and frankly, I have another AWS Account with these same CloudFormation templates running perfectly. This has never happened before.

When I manually assume the Task Role locally and provide those credentials to the container via environment variables, everything works perfectly. I am not sure how to tell that the credentials were properly set for the task role but they don't work in the container and they don't work locally either (I tried).

In fact, I also created a boto3 session and used those frozen credentials... same result. For example, accessing STS operation GetCallerIdentity yielded error InvalidClientTokenId. But, again, providing the task role credentials manually worked.

Expected Behavior

boto3 should get valid credentials on its own from the metadata endpoint and those credentials should have the same access as the ECS task role

Current Behavior

The credentials are invalid despite the fact that the AWS_CONTAINER_CREDENTIALS_RELATIVE_URI environment variable is set (i.e. value of /v2/credentials/f11cb8c1-606f-4e1d-8f1a-20f62ad276bb) and the fact that there are no container logs which state the metadata endpoint cannot be reached.

Reproduction Steps

Fargate 1.4
CloudFormation snippet:

TaskRole:
    Type: AWS::IAM::Role
    Properties:
      RoleName: task-role
      AssumeRolePolicyDocument:
        Statement:
          - Effect: Allow
            Principal:
              Service: ecs-tasks.amazonaws.com
            Action: sts:AssumeRole

  TaskRolePolicy:
    Type: AWS::IAM::Policy
    Properties:
      PolicyName: !Sub platform-apps-${ServiceName}-svc-task-role
      PolicyDocument:
        Version: "2012-10-17"
        Statement:
        - Effect: Allow
          Action:
            - s3:GetObject
            - s3:PutObject
            - s3:ListBucket
          Resource:
            - !Sub ${UserProfilePicsBucketArn}
            - !Sub ${UserProfilePicsBucketArn}/*
      Roles:
        - !Ref TaskRole

Possible Solution

No response

Additional Information/Context

CloudWatch logs from the STS call:

CloudWatch Logs Live tail
Region: eu-west-1
Log group name(s): arn:aws:logs:eu-west-1:891377041103:log-group:/platform/apps/auth/svc:*
Log stream name(s): /ecs/platform-apps-auth-svc-container/84a1f513a5ea4896b732137881bc2efa
Log stream prefix:
Filter pattern:

Event Time Message Log group Log stream
2024-03-01T09:55:35.339+00:00 INFO: �09:55:35 api:13 [0e030683a5b247cfb3ef83ddae776c33] HTTP Request: GET http://192.168.3.224:5000/diag/health 891377041103:/platform/apps/auth/svc /ecs/platform-apps-auth-svc-container/84a1f513a5ea4896b732137881bc2efa
2024-03-01T09:55:35.340+00:00 INFO: �09:55:35 api:18 [0e030683a5b247cfb3ef83ddae776c33] HTTP Response: GET http://192.168.3.224:5000/diag/health 200 891377041103:/platform/apps/auth/svc /ecs/platform-apps-auth-svc-container/84a1f513a5ea4896b732137881bc2efa
2024-03-01T09:55:35.445+00:00 INFO: �09:55:35 api:13 [0daf1190d0de486587f8e05618995a20] HTTP Request: GET http://192.168.3.224:5000/diag/health 891377041103:/platform/apps/auth/svc /ecs/platform-apps-auth-svc-container/84a1f513a5ea4896b732137881bc2efa
2024-03-01T09:55:35.445+00:00 INFO: �09:55:35 api:18 [0daf1190d0de486587f8e05618995a20] HTTP Response: GET http://192.168.3.224:5000/diag/health 200 891377041103:/platform/apps/auth/svc /ecs/platform-apps-auth-svc-container/84a1f513a5ea4896b732137881bc2efa
2024-03-01T09:55:38.268+00:00 INFO: �09:55:38 api:13 [816ed0b255b148ba8697110a594140db] HTTP Request: POST http://api-auth.stage.XXXXXXXX.com/v1/auth/pass/forgot 891377041103:/platform/apps/auth/svc /ecs/platform-apps-auth-svc-container/84a1f513a5ea4896b732137881bc2efa
2024-03-01T09:55:38.329+00:00 DEBUG: �09:55:38 api:9 [816ed0b255b148ba8697110a594140db] AWS_CONTAINER_CREDENTIALS_RELATIVE_URI: /v2/credentials/e9e4b267-05c7-4c3a-b442-86f510e97d3b 891377041103:/platform/apps/auth/svc /ecs/platform-apps-auth-svc-container/84a1f513a5ea4896b732137881bc2efa
2024-03-01T09:55:38.330+00:00 DEBUG:botocore.hooks:Changing event name from creating-client-class.iot-data to creating-client-class.iot-data-plane 891377041103:/platform/apps/auth/svc /ecs/platform-apps-auth-svc-container/84a1f513a5ea4896b732137881bc2efa
2024-03-01T09:55:38.331+00:00 DEBUG:botocore.hooks:Changing event name from before-call.apigateway to before-call.api-gateway 891377041103:/platform/apps/auth/svc /ecs/platform-apps-auth-svc-container/84a1f513a5ea4896b732137881bc2efa
2024-03-01T09:55:38.332+00:00 DEBUG:botocore.hooks:Changing event name from request-created.machinelearning.Predict to request-created.machine-learning.Predict 891377041103:/platform/apps/auth/svc /ecs/platform-apps-auth-svc-container/84a1f513a5ea4896b732137881bc2efa
2024-03-01T09:55:38.333+00:00 DEBUG:botocore.hooks:Changing event name from before-parameter-build.autoscaling.CreateLaunchConfiguration to before-parameter-build.auto-scaling.CreateLaunchConfiguration 891377041103:/platform/apps/auth/svc /ecs/platform-apps-auth-svc-container/84a1f513a5ea4896b732137881bc2efa
2024-03-01T09:55:38.333+00:00 DEBUG:botocore.hooks:Changing event name from before-parameter-build.route53 to before-parameter-build.route-53 891377041103:/platform/apps/auth/svc /ecs/platform-apps-auth-svc-container/84a1f513a5ea4896b732137881bc2efa
2024-03-01T09:55:38.334+00:00 DEBUG:botocore.hooks:Changing event name from request-created.cloudsearchdomain.Search to request-created.cloudsearch-domain.Search 891377041103:/platform/apps/auth/svc /ecs/platform-apps-auth-svc-container/84a1f513a5ea4896b732137881bc2efa
2024-03-01T09:55:38.334+00:00 DEBUG:botocore.hooks:Changing event name from docs..autoscaling.CreateLaunchConfiguration.complete-section to docs..auto-scaling.CreateLaunchConfiguration.complete-section 891377041103:/platform/apps/auth/svc /ecs/platform-apps-auth-svc-container/84a1f513a5ea4896b732137881bc2efa
2024-03-01T09:55:38.336+00:00 DEBUG:botocore.hooks:Changing event name from before-parameter-build.logs.CreateExportTask to before-parameter-build.cloudwatch-logs.CreateExportTask 891377041103:/platform/apps/auth/svc /ecs/platform-apps-auth-svc-container/84a1f513a5ea4896b732137881bc2efa
2024-03-01T09:55:38.336+00:00 DEBUG:botocore.hooks:Changing event name from docs..logs.CreateExportTask.complete-section to docs..cloudwatch-logs.CreateExportTask.complete-section 891377041103:/platform/apps/auth/svc /ecs/platform-apps-auth-svc-container/84a1f513a5ea4896b732137881bc2efa
2024-03-01T09:55:38.337+00:00 DEBUG:botocore.hooks:Changing event name from before-parameter-build.cloudsearchdomain.Search to before-parameter-build.cloudsearch-domain.Search 891377041103:/platform/apps/auth/svc /ecs/platform-apps-auth-svc-container/84a1f513a5ea4896b732137881bc2efa
2024-03-01T09:55:38.337+00:00 DEBUG:botocore.hooks:Changing event name from docs..cloudsearchdomain.Search.complete-section to docs..cloudsearch-domain.Search.complete-section 891377041103:/platform/apps/auth/svc /ecs/platform-apps-auth-svc-container/84a1f513a5ea4896b732137881bc2efa
2024-03-01T09:55:38.340+00:00 DEBUG:botocore.utils:IMDS ENDPOINT: http://169.254.169.254/ 891377041103:/platform/apps/auth/svc /ecs/platform-apps-auth-svc-container/84a1f513a5ea4896b732137881bc2efa
2024-03-01T09:55:38.341+00:00 DEBUG:botocore.credentials:Looking for credentials via: env 891377041103:/platform/apps/auth/svc /ecs/platform-apps-auth-svc-container/84a1f513a5ea4896b732137881bc2efa
2024-03-01T09:55:38.341+00:00 INFO:botocore.credentials:Found credentials in environment variables. 891377041103:/platform/apps/auth/svc /ecs/platform-apps-auth-svc-container/84a1f513a5ea4896b732137881bc2efa
2024-03-01T09:55:38.343+00:00 DEBUG:botocore.loaders:Loading JSON file: /venv/lib/python3.11/site-packages/botocore/data/endpoints.json 891377041103:/platform/apps/auth/svc /ecs/platform-apps-auth-svc-container/84a1f513a5ea4896b732137881bc2efa
2024-03-01T09:55:38.357+00:00 DEBUG:botocore.loaders:Loading JSON file: /venv/lib/python3.11/site-packages/botocore/data/sdk-default-configuration.json 891377041103:/platform/apps/auth/svc /ecs/platform-apps-auth-svc-container/84a1f513a5ea4896b732137881bc2efa
2024-03-01T09:55:38.357+00:00 DEBUG:botocore.hooks:Event choose-service-name: calling handler <function handle_service_name_alias at 0x7fb365f5ce00> 891377041103:/platform/apps/auth/svc /ecs/platform-apps-auth-svc-container/84a1f513a5ea4896b732137881bc2efa
2024-03-01T09:55:38.375+00:00 DEBUG:botocore.loaders:Loading JSON file: /venv/lib/python3.11/site-packages/botocore/data/sts/2011-06-15/service-2.json.gz 891377041103:/platform/apps/auth/svc /ecs/platform-apps-auth-svc-container/84a1f513a5ea4896b732137881bc2efa
2024-03-01T09:55:38.393+00:00 DEBUG:botocore.loaders:Loading JSON file: /venv/lib/python3.11/site-packages/botocore/data/sts/2011-06-15/endpoint-rule-set-1.json.gz 891377041103:/platform/apps/auth/svc /ecs/platform-apps-auth-svc-container/84a1f513a5ea4896b732137881bc2efa
2024-03-01T09:55:38.394+00:00 DEBUG:botocore.loaders:Loading JSON file: /venv/lib/python3.11/site-packages/botocore/data/partitions.json 891377041103:/platform/apps/auth/svc /ecs/platform-apps-auth-svc-container/84a1f513a5ea4896b732137881bc2efa
2024-03-01T09:55:38.395+00:00 DEBUG:botocore.hooks:Event creating-client-class.sts: calling handler <function add_generate_presigned_url at 0x7fb365e88cc0> 891377041103:/platform/apps/auth/svc /ecs/platform-apps-auth-svc-container/84a1f513a5ea4896b732137881bc2efa
2024-03-01T09:55:38.395+00:00 DEBUG:botocore.configprovider:Looking for endpoint for sts via: environment_service 891377041103:/platform/apps/auth/svc /ecs/platform-apps-auth-svc-container/84a1f513a5ea4896b732137881bc2efa
2024-03-01T09:55:38.395+00:00 DEBUG:botocore.configprovider:Looking for endpoint for sts via: environment_global 891377041103:/platform/apps/auth/svc /ecs/platform-apps-auth-svc-container/84a1f513a5ea4896b732137881bc2efa
2024-03-01T09:55:38.395+00:00 DEBUG:botocore.configprovider:Looking for endpoint for sts via: config_service 891377041103:/platform/apps/auth/svc /ecs/platform-apps-auth-svc-container/84a1f513a5ea4896b732137881bc2efa
2024-03-01T09:55:38.395+00:00 DEBUG:botocore.configprovider:Looking for endpoint for sts via: config_global 891377041103:/platform/apps/auth/svc /ecs/platform-apps-auth-svc-container/84a1f513a5ea4896b732137881bc2efa
2024-03-01T09:55:38.395+00:00 DEBUG:botocore.configprovider:No configured endpoint found. 891377041103:/platform/apps/auth/svc /ecs/platform-apps-auth-svc-container/84a1f513a5ea4896b732137881bc2efa
2024-03-01T09:55:38.396+00:00 DEBUG:botocore.endpoint:Setting sts timeout as (60, 60) 891377041103:/platform/apps/auth/svc /ecs/platform-apps-auth-svc-container/84a1f513a5ea4896b732137881bc2efa
2024-03-01T09:55:38.397+00:00 DEBUG:botocore.loaders:Loading JSON file: /venv/lib/python3.11/site-packages/botocore/data/_retry.json 891377041103:/platform/apps/auth/svc /ecs/platform-apps-auth-svc-container/84a1f513a5ea4896b732137881bc2efa
2024-03-01T09:55:38.398+00:00 DEBUG:botocore.client:Registering retry handlers for service: sts 891377041103:/platform/apps/auth/svc /ecs/platform-apps-auth-svc-container/84a1f513a5ea4896b732137881bc2efa
2024-03-01T09:55:38.398+00:00 DEBUG:botocore.hooks:Event before-parameter-build.sts.GetCallerIdentity: calling handler <function generate_idempotent_uuid at 0x7fb365f5e700> 891377041103:/platform/apps/auth/svc /ecs/platform-apps-auth-svc-container/84a1f513a5ea4896b732137881bc2efa
2024-03-01T09:55:38.399+00:00 DEBUG:botocore.regions:Calling endpoint provider with parameters: {'Region': 'eu-west-1', 'UseDualStack': False, 'UseFIPS': False, 'UseGlobalEndpoint': True} 891377041103:/platform/apps/auth/svc /ecs/platform-apps-auth-svc-container/84a1f513a5ea4896b732137881bc2efa
2024-03-01T09:55:38.399+00:00 DEBUG:botocore.regions:Endpoint provider result: https://sts.amazonaws.com 891377041103:/platform/apps/auth/svc /ecs/platform-apps-auth-svc-container/84a1f513a5ea4896b732137881bc2efa
2024-03-01T09:55:38.399+00:00 DEBUG:botocore.regions:Selecting from endpoint provider's list of auth schemes: "sigv4". User selected auth scheme is: "None" 891377041103:/platform/apps/auth/svc /ecs/platform-apps-auth-svc-container/84a1f513a5ea4896b732137881bc2efa
2024-03-01T09:55:38.399+00:00 DEBUG:botocore.regions:Selected auth type "v4" as "v4" with signing context params: {'region': 'us-east-1', 'signing_name': 'sts'} 891377041103:/platform/apps/auth/svc /ecs/platform-apps-auth-svc-container/84a1f513a5ea4896b732137881bc2efa
2024-03-01T09:55:38.399+00:00 DEBUG:botocore.hooks:Event before-call.sts.GetCallerIdentity: calling handler <function add_recursion_detection_header at 0x7fb365f5d1c0> 891377041103:/platform/apps/auth/svc /ecs/platform-apps-auth-svc-container/84a1f513a5ea4896b732137881bc2efa
2024-03-01T09:55:38.399+00:00 DEBUG:botocore.hooks:Event before-call.sts.GetCallerIdentity: calling handler <function inject_api_version_header_if_needed at 0x7fb3660f0220> 891377041103:/platform/apps/auth/svc /ecs/platform-apps-auth-svc-container/84a1f513a5ea4896b732137881bc2efa
2024-03-01T09:55:38.399+00:00 DEBUG:botocore.endpoint:Making request for OperationModel(name=GetCallerIdentity) with params: {'url_path': '/', 'query_string': '', 'method': 'POST', 'headers': {'Content-Type': 'application/x-www-form-urlencoded; charset=utf-8', 'User-Agent': 'Boto3/1.34.53 md/Botocore#1.34.53 ua/2.0 os/linux#5.10.209-198.858.amzn2.x86_64 md/arch#x86_64 lang/python#3.11.8 md/pyimpl#CPython exec-env/AWS_ECS_FARGATE cfg/retry-mode#legacy Botocore/1.34.53'}, 'body': {'Action': 'GetCallerIdentity', 'Version': '2011-06-15'}, 'url': 'https://sts.amazonaws.com/', 'context': {'client_region': 'eu-west-1', 'client_config': <botocore.config.Config object at 0x7fb3655373d0>, 'has_streaming_input': False, 'auth_type': 'v4', 'signing': {'region': 'us-east-1', 'signing_name': 'sts'}, 'endpoint_properties': {'authSchemes': [{'name': 'sigv4', 'signingName': 'sts', 'signingRegion': 'us-east-1'}]}}} 891377041103:/platform/apps/auth/svc /ecs/platform-apps-auth-svc-container/84a1f513a5ea4896b732137881bc2efa
2024-03-01T09:55:38.400+00:00 DEBUG:botocore.hooks:Event request-created.sts.GetCallerIdentity: calling handler <bound method RequestSigner.handler of <botocore.signers.RequestSigner object at 0x7fb365537390>> 891377041103:/platform/apps/auth/svc /ecs/platform-apps-auth-svc-container/84a1f513a5ea4896b732137881bc2efa
2024-03-01T09:55:38.400+00:00 DEBUG:botocore.hooks:Event choose-signer.sts.GetCallerIdentity: calling handler <function set_operation_specific_signer at 0x7fb365f5e5c0> 891377041103:/platform/apps/auth/svc /ecs/platform-apps-auth-svc-container/84a1f513a5ea4896b732137881bc2efa
2024-03-01T09:55:38.400+00:00 DEBUG:botocore.auth:Calculating signature using v4 auth. 891377041103:/platform/apps/auth/svc /ecs/platform-apps-auth-svc-container/84a1f513a5ea4896b732137881bc2efa
2024-03-01T09:55:38.400+00:00 DEBUG:botocore.auth:CanonicalRequest: 891377041103:/platform/apps/auth/svc /ecs/platform-apps-auth-svc-container/84a1f513a5ea4896b732137881bc2efa
2024-03-01T09:55:38.400+00:00 POST 891377041103:/platform/apps/auth/svc /ecs/platform-apps-auth-svc-container/84a1f513a5ea4896b732137881bc2efa
2024-03-01T09:55:38.400+00:00 / 891377041103:/platform/apps/auth/svc /ecs/platform-apps-auth-svc-container/84a1f513a5ea4896b732137881bc2efa
2024-03-01T09:55:38.400+00:00 content-type:application/x-www-form-urlencoded; charset=utf-8 891377041103:/platform/apps/auth/svc /ecs/platform-apps-auth-svc-container/84a1f513a5ea4896b732137881bc2efa
2024-03-01T09:55:38.400+00:00 host:sts.amazonaws.com 891377041103:/platform/apps/auth/svc /ecs/platform-apps-auth-svc-container/84a1f513a5ea4896b732137881bc2efa
2024-03-01T09:55:38.400+00:00 x-amz-date:20240301T095538Z 891377041103:/platform/apps/auth/svc /ecs/platform-apps-auth-svc-container/84a1f513a5ea4896b732137881bc2efa
2024-03-01T09:55:38.400+00:00 x-amz-security-token:IQoJb3JpZ2luX2VjEEAaCWV1LXdlc3QtMSJIMEYCIQC2SN/Y5ksgx829h4T7Kl/vgWfueZSELMnbFaYrHryHtwIhAK4JaUcr8BHWnCcAktwJ77vcAXpH2HsoKNWVTPUyYCsRKuoBCCkQABoMMzE0NzY3ODk1ODg0Igx9YO2D/3YDtI8Ee78qxwEOm0sXKEw8jHnkRtYpmRZV3nPVJXZMWlEyluZypX1g/rFK8UVdD1dsRBf67ix1ii8iu2lhv8rKDsPce/KeNpVNYeT3D2CxVbgB04kYBUoHofZSZrAitdroaGWZaccDbof+DYtw1oWasiUPgnw8etgGBSynxkp+iWlyQ/gbek2Aa7+PhqhhPgsJ+Jd48TvBq4FkriT2upbGH9PdadQWnQiwoUKpmgzT09ycj8hVOMWDJm5+lTvUPR5duqNvaOAH2ssrqriKzPuAMKat0a4GOpcB0jxbXwFncy5eT2GS3/wkZv26Xr9kC60hASc3OweGdKRjknqp+H2QEjS3sQLXsUrHYAcLmyoyGhdk0whgVP5gmHvr3k5dxTTKkd+tu5rDYH/kxwJZXMW71rfagfD0U7qx8n3FvIG92FdccFWXUmLPNiRb9aFCcdmzglKZ91deUuEFPDcTZqkdNThLAn7N3HUWGINPqb4mCw== 891377041103:/platform/apps/auth/svc /ecs/platform-apps-auth-svc-container/84a1f513a5ea4896b732137881bc2efa
2024-03-01T09:55:38.400+00:00 content-type;host;x-amz-date;x-amz-security-token 891377041103:/platform/apps/auth/svc /ecs/platform-apps-auth-svc-container/84a1f513a5ea4896b732137881bc2efa
2024-03-01T09:55:38.400+00:00 ab821ae955788b0e33ebd34c208442ccfc2d406e2edc5e7a39bd6458fbb4f843 891377041103:/platform/apps/auth/svc /ecs/platform-apps-auth-svc-container/84a1f513a5ea4896b732137881bc2efa
2024-03-01T09:55:38.400+00:00 DEBUG:botocore.auth:StringToSign: 891377041103:/platform/apps/auth/svc /ecs/platform-apps-auth-svc-container/84a1f513a5ea4896b732137881bc2efa
2024-03-01T09:55:38.400+00:00 AWS4-HMAC-SHA256 891377041103:/platform/apps/auth/svc /ecs/platform-apps-auth-svc-container/84a1f513a5ea4896b732137881bc2efa
2024-03-01T09:55:38.400+00:00 20240301T095538Z 891377041103:/platform/apps/auth/svc /ecs/platform-apps-auth-svc-container/84a1f513a5ea4896b732137881bc2efa
2024-03-01T09:55:38.400+00:00 20240301/us-east-1/sts/aws4_request 891377041103:/platform/apps/auth/svc /ecs/platform-apps-auth-svc-container/84a1f513a5ea4896b732137881bc2efa
2024-03-01T09:55:38.400+00:00 7057386c754690cff6392a52ed876ee78fec8d46ed6947c5bc682c077122d058 891377041103:/platform/apps/auth/svc /ecs/platform-apps-auth-svc-container/84a1f513a5ea4896b732137881bc2efa
2024-03-01T09:55:38.400+00:00 DEBUG:botocore.auth:Signature: 891377041103:/platform/apps/auth/svc /ecs/platform-apps-auth-svc-container/84a1f513a5ea4896b732137881bc2efa
2024-03-01T09:55:38.400+00:00 855c2684f27207899495197b69a3e15a1be9b03605106e8c7602fd2650ae0663 891377041103:/platform/apps/auth/svc /ecs/platform-apps-auth-svc-container/84a1f513a5ea4896b732137881bc2efa
2024-03-01T09:55:38.401+00:00 DEBUG:botocore.hooks:Event request-created.sts.GetCallerIdentity: calling handler <function add_retry_headers at 0x7fb3660f09a0> 891377041103:/platform/apps/auth/svc /ecs/platform-apps-auth-svc-container/84a1f513a5ea4896b732137881bc2efa
2024-03-01T09:55:38.401+00:00 DEBUG:botocore.endpoint:Sending http request: <AWSPreparedRequest stream_output=False, method=POST, url=https://sts.amazonaws.com/, headers={'Content-Type': b'application/x-www-form-urlencoded; charset=utf-8', 'User-Agent': b'Boto3/1.34.53 md/Botocore#1.34.53 ua/2.0 os/linux#5.10.209-198.858.amzn2.x86_64 md/arch#x86_64 lang/python#3.11.8 md/pyimpl#CPython exec-env/AWS_ECS_FARGATE cfg/retry-mode#legacy Botocore/1.34.53', 'X-Amz-Date': b'20240301T095538Z', 'X-Amz-Security-Token': b'IQoJb3JpZ2luX2VjEEAaCWV1LXdlc3QtMSJIMEYCIQC2SN/Y5ksgx829h4T7Kl/vgWfueZSELMnbFaYrHryHtwIhAK4JaUcr8BHWnCcAktwJ77vcAXpH2HsoKNWVTPUyYCsRKuoBCCkQABoMMzE0NzY3ODk1ODg0Igx9YO2D/3YDtI8Ee78qxwEOm0sXKEw8jHnkRtYpmRZV3nPVJXZMWlEyluZypX1g/rFK8UVdD1dsRBf67ix1ii8iu2lhv8rKDsPce/KeNpVNYeT3D2CxVbgB04kYBUoHofZSZrAitdroaGWZaccDbof+DYtw1oWasiUPgnw8etgGBSynxkp+iWlyQ/gbek2Aa7+PhqhhPgsJ+Jd48TvBq4FkriT2upbGH9PdadQWnQiwoUKpmgzT09ycj8hVOMWDJm5+lTvUPR5duqNvaOAH2ssrqriKzPuAMKat0a4GOpcB0jxbXwFncy5eT2GS3/wkZv26Xr9kC60hASc3OweGdKRjknqp+H2QEjS3sQLXsUrHYAcLmyoyGhdk0whgVP5gmHvr3k5dxTTKkd+tu5rDYH/kxwJZXMW71rfagfD0U7qx8n3FvIG92FdccFWXUmLPNiRb9aFCcdmzglKZ91deUuEFPDcTZqkdNThLAn7N3HUWGINPqb4mCw==', 'Authorization': b'AWS4-HMAC-SHA256 Credential=ASIAUSSNA5VGC2QLAUJP/20240301/us-east-1/sts/aws4_request, SignedHeaders=content-type;host;x-amz-date;x-amz-security-token, Signature=855c2684f27207899495197b69a3e15a1be9b03605106e8c7602fd2650ae0663', 'amz-sdk-invocation-id': b'cc1f9228-ec07-4a40-a2be-afbdbf930649', 'amz-sdk-request': b'attempt=1', 'Content-Length': '43'}> 891377041103:/platform/apps/auth/svc /ecs/platform-apps-auth-svc-container/84a1f513a5ea4896b732137881bc2efa
2024-03-01T09:55:38.401+00:00 DEBUG:botocore.httpsession:Certificate path: /venv/lib/python3.11/site-packages/certifi/cacert.pem 891377041103:/platform/apps/auth/svc /ecs/platform-apps-auth-svc-container/84a1f513a5ea4896b732137881bc2efa
2024-03-01T09:55:38.401+00:00 DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): sts.amazonaws.com:443 891377041103:/platform/apps/auth/svc /ecs/platform-apps-auth-svc-container/84a1f513a5ea4896b732137881bc2efa
2024-03-01T09:55:38.706+00:00 DEBUG:urllib3.connectionpool:https://sts.amazonaws.com:443 "POST / HTTP/1.1" 403 305 891377041103:/platform/apps/auth/svc /ecs/platform-apps-auth-svc-container/84a1f513a5ea4896b732137881bc2efa
2024-03-01T09:55:38.706+00:00 DEBUG:botocore.parsers:Response headers: {'x-amzn-RequestId': 'eb5e29aa-718f-4f78-99bd-8f25795b0fec', 'Content-Type': 'text/xml', 'Content-Length': '305', 'Date': 'Fri, 01 Mar 2024 09:55:38 GMT'} 891377041103:/platform/apps/auth/svc /ecs/platform-apps-auth-svc-container/84a1f513a5ea4896b732137881bc2efa
2024-03-01T09:55:38.706+00:00 DEBUG:botocore.parsers:Response body: 891377041103:/platform/apps/auth/svc /ecs/platform-apps-auth-svc-container/84a1f513a5ea4896b732137881bc2efa
2024-03-01T09:55:38.706+00:00 b'\n \n Sender\n InvalidClientTokenId\n The security token included in the request is invalid\n \n eb5e29aa-718f-4f78-99bd-8f25795b0fec\n\n' 891377041103:/platform/apps/auth/svc /ecs/platform-apps-auth-svc-container/84a1f513a5ea4896b732137881bc2efa
2024-03-01T09:55:38.707+00:00 DEBUG:botocore.hooks:Event needs-retry.sts.GetCallerIdentity: calling handler <botocore.retryhandler.RetryHandler object at 0x7fb36554c5d0> 891377041103:/platform/apps/auth/svc /ecs/platform-apps-auth-svc-container/84a1f513a5ea4896b732137881bc2efa
2024-03-01T09:55:38.707+00:00 DEBUG:botocore.retryhandler:No retry needed. 891377041103:/platform/apps/auth/svc /ecs/platform-apps-auth-svc-container/84a1f513a5ea4896b732137881bc2efa
2024-03-01T09:55:38.707+00:00 ERROR: �09:55:38 api:146 [816ed0b255b148ba8697110a594140db] An error occurred (InvalidClientTokenId) when calling the GetCallerIdentity operation: The security token included in the request is invalid 891377041103:/platform/apps/auth/svc /ecs/platform-apps-auth-svc-container/84a1f513a5ea4896b732137881bc2efa
2024-03-01T09:55:38.709+00:00 INFO: �09:55:38 api:18 [816ed0b255b148ba8697110a594140db] HTTP Response: POST http://api-auth.stage.XXXXXXXX.com/v1/auth/pass/forgot 500 891377041103:/platform/apps/auth/svc /ecs/platform-apps-auth-svc-container/84a1f513a5ea4896b732137881bc2efa
2024-03-01T09:55:40.850+00:00 INFO: �09:55:40 api:13 [159a924750734dc0861d3a9810079727] HTTP Request: GET http://127.0.0.1:5000/diag/health 891377041103:/platform/apps/auth/svc /ecs/platform-apps-auth-svc-container/84a1f513a5ea4896b732137881bc2efa
2024-03-01T09:55:40.850+00:00 INFO: �09:55:40 api:18 [159a924750734dc0861d3a9810079727] HTTP Response: GET http://127.0.0.1:5000/diag/health 200 891377041103:/platform/apps/auth/svc /ecs/platform-apps-auth-svc-container/84a1f513a5ea4896b732137881bc2efa
2024-03-01T09:56:05.359+00:00 INFO: �09:56:05 api:13 [147c01617d964c09b654a2c343d634a3] HTTP Request: GET http://192.168.3.224:5000/diag/health 891377041103:/platform/apps/auth/svc /ecs/platform-apps-auth-svc-container/84a1f513a5ea4896b732137881bc2efa
2024-03-01T09:56:05.360+00:00 INFO: �09:56:05 api:18 [147c01617d964c09b654a2c343d634a3] HTTP Response: GET http://192.168.3.224:5000/diag/health 200 891377041103:/platform/apps/auth/svc /ecs/platform-apps-auth-svc-container/84a1f513a5ea4896b732137881bc2efa
2024-03-01T09:56:05.475+00:00 INFO: �09:56:05 api:13 [f8e5714ddcc7414d9823db7157bd52fc] HTTP Request: GET http://192.168.3.224:5000/diag/health 891377041103:/platform/apps/auth/svc /ecs/platform-apps-auth-svc-container/84a1f513a5ea4896b732137881bc2efa
2024-03-01T09:56:05.475+00:00 INFO: �09:56:05 api:18 [f8e5714ddcc7414d9823db7157bd52fc] HTTP Response: GET http://192.168.3.224:5000/diag/health 200 891377041103:/platform/apps/auth/svc /ecs/platform-apps-auth-svc-container/84a1f513a5ea4896b732137881bc2efa
2024-03-01T09:56:35.381+00:00 INFO: �09:56:35 api:13 [6a196e18a44b4a698f75e40d3d0543df] HTTP Request: GET http://192.168.3.224:5000/diag/health 891377041103:/platform/apps/auth/svc /ecs/platform-apps-auth-svc-container/84a1f513a5ea4896b732137881bc2efa
2024-03-01T09:56:35.381+00:00 INFO: �09:56:35 api:18 [6a196e18a44b4a698f75e40d3d0543df] HTTP Response: GET http://192.168.3.224:5000/diag/health 200 891377041103:/platform/apps/auth/svc /ecs/platform-apps-auth-svc-container/84a1f513a5ea4896b732137881bc2efa
2024-03-01T09:56:35.495+00:00 INFO: �09:56:35 api:13 [a39d3da64b9d4f4d8af718dc8052e4ad] HTTP Request: GET http://192.168.3.224:5000/diag/health 891377041103:/platform/apps/auth/svc /ecs/platform-apps-auth-svc-container/84a1f513a5ea4896b732137881bc2efa
2024-03-01T09:56:35.496+00:00 INFO: �09:56:35 api:18 [a39d3da64b9d4f4d8af718dc8052e4ad] HTTP Response: GET http://192.168.3.224:5000/diag/health 200 891377041103:/platform/apps/auth/svc /ecs/platform-apps-auth-svc-container/84a1f513a5ea4896b732137881bc2efa
2024-03-01T09:56:40.846+00:00 INFO: �09:56:40 api:13 [548688706ec043bab86745c85a763a1b] HTTP Request: GET http://127.0.0.1:5000/diag/health 891377041103:/platform/apps/auth/svc /ecs/platform-apps-auth-svc-container/84a1f513a5ea4896b732137881bc2efa
2024-03-01T09:56:40.847+00:00 INFO: �09:56:40 api:18 [548688706ec043bab86745c85a763a1b] HTTP Response: GET http://127.0.0.1:5000/diag/health 200 891377041103:/platform/apps/auth/svc /ecs/platform-apps-auth-svc-container/84a1f513a5ea4896b732137881bc2efa
2024-03-01T09:57:05.409+00:00 INFO: �09:57:05 api:13 [86097b4c0401439ab3f36b9a82bfce39] HTTP Request: GET http://192.168.3.224:5000/diag/health 891377041103:/platform/apps/auth/svc /ecs/platform-apps-auth-svc-container/84a1f513a5ea4896b732137881bc2efa
2024-03-01T09:57:05.409+00:00 INFO: �09:57:05 api:18 [86097b4c0401439ab3f36b9a82bfce39] HTTP Response: GET http://192.168.3.224:5000/diag/health 200 891377041103:/platform/apps/auth/svc /ecs/platform-apps-auth-svc-container/84a1f513a5ea4896b732137881bc2efa
2024-03-01T09:57:05.524+00:00 INFO: �09:57:05 api:13 [abda390e5c5048408056893cfe6dd76d] HTTP Request: GET http://192.168.3.224:5000/diag/health 891377041103:/platform/apps/auth/svc /ecs/platform-apps-auth-svc-container/84a1f513a5ea4896b732137881bc2efa
2024-03-01T09:57:05.524+00:00 INFO: �09:57:05 api:18 [abda390e5c5048408056893cfe6dd76d] HTTP Response: GET http://192.168.3.224:5000/diag/health 200 891377041103:/platform/apps/auth/svc /ecs/platform-apps-auth-svc-container/84a1f513a5ea4896b732137881bc2efa

SDK version used

1.34.53

Environment details (OS name and version, etc.)

Fargate 1.4
@tyliggity tyliggity added bug This issue is a confirmed bug. needs-triage This issue or PR still needs to be triaged. labels Mar 1, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug This issue is a confirmed bug. needs-triage This issue or PR still needs to be triaged.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@tyliggity