-
Notifications
You must be signed in to change notification settings - Fork 653
This issue was moved to a discussion.
You can continue the conversation there. Go to discussion →
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
sts GetCallerIdentity returns result instead of error in in disabled region #2846
Comments
Hi @AmitOttenheimer , We will need a bit more information to fully understand the issue.
Can you link the docs you are referring to? Which region are you making the request to? What do you mean by "disabled region"? By disabled regions you mean the opt-in regions that have not been opted into? If thats the case, I can make a request to an opt-in region and I do indeed get an error: package main
import (
"context"
"fmt"
"github.com/aws/aws-sdk-go-v2/aws"
"github.com/aws/aws-sdk-go-v2/config"
"github.com/aws/aws-sdk-go-v2/service/sts"
"log"
)
func main() {
cfg, err := config.LoadDefaultConfig(
context.TODO(),
config.WithRegion("ap-southeast-4"),
config.WithDefaultsMode(aws.DefaultsModeInRegion),
config.WithClientLogMode(aws.LogRequestWithBody),
)
if err != nil {
log.Fatalf("unable to load SDK config, %v", err)
}
client := sts.NewFromConfig(cfg)
out, err := client.GetCallerIdentity(context.TODO(), &sts.GetCallerIdentityInput{})
if err != nil {
panic(err)
}
fmt.Print(out)
}
// panic: operation error STS: GetCallerIdentity, https response error StatusCode: 403, RequestID: REDACTED, api error InvalidClientTokenId: The security token included in the request is invalid. Thanks, |
Hey @RanVaknin |
Hi @AmitOttenheimer , Its not clear which screen on the console are you using to disable us-west-2. For us as maintainers, its not possible to disable core regions: But as shown in my previous comment, when making a request to a disabled region I am indeed seeing an error. Thanks, |
Hi @RanVaknin Im doing this using the iam console as mentioned in here https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html |
Hi @AmitOttenheimer, Thanks for the clarification. From the first doc you initially mentioned:
This specifically pertains to using the SDK without any region configured and is not related to disabled regions. package main
import (
"context"
"fmt"
"github.com/aws/aws-sdk-go-v2/aws"
"github.com/aws/aws-sdk-go-v2/config"
"github.com/aws/aws-sdk-go-v2/service/sts"
"log"
)
func main() {
cfg, err := config.LoadDefaultConfig(
context.TODO(),
config.WithDefaultsMode(aws.DefaultsModeInRegion),
)
if err != nil {
log.Fatalf("unable to load SDK config, %v", err)
}
client := sts.NewFromConfig(cfg)
out, err := client.GetCallerIdentity(context.TODO(), &sts.GetCallerIdentityInput{})
if err != nil {
panic(err)
}
fmt.Print(out)
}
//panic: operation error STS: GetCallerIdentity, failed to resolve service endpoint, endpoint rule error, Invalid Configuration: Missing Region In comparison Go SDK v1 will instead use the global endpoint: package main
import (
"context"
"fmt"
"github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/aws/session"
"github.com/aws/aws-sdk-go/service/sts"
"log"
)
func main() {
sess, err := session.NewSession(&aws.Config{
LogLevel: aws.LogLevel(aws.LogDebugWithHTTPBody),
})
if err != nil {
panic(err)
}
client := sts.New(sess)
out, err := client.GetCallerIdentityWithContext(context.TODO(), &sts.GetCallerIdentityInput{})
if err != nil {
panic(err)
}
fmt.Print(out)
}
// when region is not provided, the legacy v1 SDK would make the request to the global sts endpoint.
/*
---[ REQUEST POST-SIGN ]-----------------------------
POST / HTTP/1.1
Host: sts.amazonaws.com
User-Agent: aws-sdk-go/1.50.9 (go1.23.2; darwin; arm64)
Content-Length: 43
Authorization: REDACTED
Content-Type: application/x-www-form-urlencoded; charset=utf-8
X-Amz-Date: 20241029T174638Z
Accept-Encoding: gzip
*/ I hope this clarifies things. Thanks, |
Hey @RanVaknin |
This issue was moved to a discussion.
You can continue the conversation there. Go to discussion →
Acknowledgements
go get -u github.com/aws/aws-sdk-go-v2/...
)Describe the bug
Hey,
I am using "github.com/aws/aws-sdk-go-v2/service/sts" in order to check if s specific region sts status is disabled or not.
In the docs its mentioned that if a region is disabled the service client fallback behavior should be failure but I am still getting a result instead of an error
Regression Issue
Expected Behavior
Return Error
Current Behavior
Return the Account Data
Reproduction Steps
Possible Solution
No response
Additional Information/Context
No response
AWS Go SDK V2 Module Versions Used
github.com/aws/aws-sdk-go-v2/service/[email protected]
Compiler and Version used
1.23.1
Operating System and version
darwin/arm64
The text was updated successfully, but these errors were encountered: