aws-sdk-go: Unable to get EC2 Role Credentials
Please fill out the sections below to help us address your issue.
Version of AWS SDK for Go?
1.13.20
Version of Go (go version)?
1.9.3
What issue did you see?
I used the following method to simply list the objects in a S3 bucket, however the SDK cannot seem to get the EC2 role which is set to s3:* for * resources. This is the code I’m using to list, as well log debug enabled.
I’ve verified that the Role is indeed attached to the instance. One thing I did notice, when curl-ing https://169.254.169.254/latest/meta-data/iam/security-credentials from the instance, I get a timeout as well, but when curl is issued for http only, I get a valid response…
sess := session.New(&aws.Config{
LogLevel: aws.LogLevel(aws.LogDebugWithHTTPBody),
CredentialsChainVerboseErrors: aws.Bool(true),
Region: aws.String("us-east-1"),
})
val, err := sess.Config.Credentials.Get()
fmt.Println(val)
fmt.Println(err)
svc := s3.New(sess)
input := &s3.ListObjectsInput{
Bucket: aws.String("bucket-name"),
}
result, err := svc.ListObjects(input)
if err != nil {
if aerr, ok := err.(awserr.Error); ok {
switch aerr.Code() {
case s3.ErrCodeNoSuchBucket:
fmt.Println(s3.ErrCodeNoSuchBucket, aerr.Error())
default:
fmt.Println(aerr.Error())
}
} else {
// Print the error, cast err to awserr.Error to get the Code and
// Message from an error.
fmt.Println(err.Error())
}
return
}
fmt.Println(result)
Output:
2018/03/24 23:48:26 DEBUG: Request ec2metadata/GetMetadata Details:
---[ REQUEST POST-SIGN ]-----------------------------
GET /latest/meta-data/iam/security-credentials HTTP/1.1
Host: 169.254.169.254
User-Agent: aws-sdk-go/1.13.20 (go1.9.3; linux; amd64)
Accept-Encoding: gzip
-----------------------------------------------------
2018/03/24 23:48:56 DEBUG: Request ec2metadata/GetMetadata Details:
---[ REQUEST POST-SIGN ]-----------------------------
GET /latest/meta-data/iam/security-credentials HTTP/1.1
Host: 169.254.169.254
User-Agent: aws-sdk-go/1.13.20 (go1.9.3; linux; amd64)
Authorization: AWS4-HMAC-SHA256 Credential=***/20180324/us-east-1/es/aws4_request, SignedHeaders=date;host;x-amz-date;x-amz-security-token, Signature=***
Date: 2018-03-24T23:48:26Z
X-Amz-Date: 20180324T234826Z
X-Amz-Security-Token: ***
Accept-Encoding: gzip
-----------------------------------------------------
After a minute or so, I get the following error
{ }
NoCredentialProviders: no valid providers in chain
caused by: EnvAccessKeyNotFound: AWS_ACCESS_KEY_ID or AWS_ACCESS_KEY not found in environment
UserHomeNotFound: user home directory not found.
EC2RoleRequestError: no EC2 instance role found
caused by: RequestError: send request failed
caused by: Get https://169.254.169.254/latest/meta-data/iam/security-credentials: dial tcp 169.254.169.254:443: i/o timeout
2018/03/24 23:50:26 DEBUG: Request ec2metadata/GetMetadata Details:
---[ REQUEST POST-SIGN ]-----------------------------
GET /latest/meta-data/iam/security-credentials HTTP/1.1
Host: 169.254.169.254
User-Agent: aws-sdk-go/1.13.20 (go1.9.3; linux; amd64)
Accept-Encoding: gzip
-----------------------------------------------------
Steps to reproduce
If you have have an runnable example, please include it.
About this issue
- Original URL
- State: closed
- Created 6 years ago
- Comments: 20 (9 by maintainers)
I was having the same issue and found that my aws credential var names were lowercase. Coming from the python sdk this is fine. The go sdk on the otherhand is case-sensitive. Once I changed the aws var names to uppercase it worked fine.