Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

(credentials): assume role credentials in aws/config do not work since 2.167.0 #32137

Closed
1 task done
otbe opened this issue Nov 14, 2024 · 3 comments
Closed
1 task done

(credentials): assume role credentials in aws/config do not work since 2.167.0 #32137

otbe opened this issue Nov 14, 2024 · 3 comments
Labels
@aws-cdk/aws-iam Related to AWS Identity and Access Management bug This issue is a bug. effort/medium Medium work item – several days of effort p1 potential-regression Marking this issue as a potential regression to be checked by team member

Comments

@otbe
Copy link

otbe commented Nov 14, 2024
edited
Loading

Describe the bug

In ~/.aws/config I have the following:

[default]
region=eu-central-1
credential_source=Ec2InstanceMetadata
role_arn=my-role-arn
duration_seconds=3600
role_session_name=my-session-name

This setup works fine in 2.166.0 and is broken in 2.167.0.
I think its related to: #32120

The same ~/.aws/config works fine with aws cli, aws sdk js v3 and boto3

Regression Issue

  • Select this option if this issue appears to be a regression.

Last Known Working CDK Version

2.166.0

Expected Behavior

It should work :)

Current Behavior

32120	cli: commands fail with authentication error 'The security token included in the request is invalid'
	Overview: When using IAM user credentials, or when the region is
	          defined in `~/.aws/credentials` but not `~/.aws/config`, the
	          CLI is unable to authenticate and to determine the AWS
	          account and region to be used.

Reproduction Steps

[default]
region=eu-central-1
credential_source=Ec2InstanceMetadata
role_arn=my-role-arn
duration_seconds=3600
role_session_name=my-session-name

Possible Solution

No response

Additional Information/Context

No response

CDK CLI Version

2.167.0

Framework Version

No response

Node.js Version

22

OS

al2023

Language

TypeScript

Language Version

No response

Other information

No response
@otbe otbe added bug This issue is a bug. needs-triage This issue or PR still needs to be triaged. labels Nov 14, 2024
@github-actions github-actions bot added @aws-cdk/aws-iam Related to AWS Identity and Access Management potential-regression Marking this issue as a potential regression to be checked by team member labels Nov 14, 2024
@ashishdhingra
Copy link
Contributor

@otbe The issue #32120 has been actively being worked upon. Please follow that issue for any updates. If you think this issue is duplicate, please close this one.

Thanks,
Ashish

@ashishdhingra ashishdhingra added p1 effort/medium Medium work item – several days of effort labels Nov 14, 2024
@ashishdhingra ashishdhingra mentioned this issue Nov 14, 2024
Closed
@ashishdhingra ashishdhingra removed the needs-triage This issue or PR still needs to be triaged. label Nov 14, 2024
@otbe
Copy link
Author

otbe commented Nov 14, 2024

Indeed I was confused by the message and thought that assume role credentials also do not work (and not only user credentails :))

@otbe otbe closed this as completed Nov 14, 2024
@github-actions GitHub Actions
Copy link

Comments on closed issues and PRs are hard for our team to see.
If you need help, please open a new issue that references this one.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Nov 14, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
@aws-cdk/aws-iam Related to AWS Identity and Access Management bug This issue is a bug. effort/medium Medium work item – several days of effort p1 potential-regression Marking this issue as a potential regression to be checked by team member
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@otbe @ashishdhingra