I have verified all of my SDK modules are up-to-date (you can perform a bulk update with go get -u github.com/aws/aws-sdk-go-v2/...)
Describe the bug
We run Go in an ECS container in Fargate. I attached a policy to the ECS task execution role that should get it access to SES (we want to send an e-mail) but it fails to access the IMDS endpoint:
Get "http://169.254.169.254/latest/meta-data/iam/security-credentials/": dial tcp 169.254.169.254:80: connect: invalid argument
Therefore, it cannot access credentials and thus the call to SES fails.
Closing this bug report now, this was my mistake. For any future reader: I attached the policy to the ECS task execution role, but processes running inside ECS containers use credentials from the task role. A subtle, but crucial difference. Adding a new role as task role and attaching the policy to that fixed my problem.
Expected Behavior
I would expect the SDK to load the credentials from the role/policy. Perhaps this requires accessing a different IP address as listed here:
https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-iam-roles.html
Credentials can be retrieved from
curl 169.254.170.2$AWS_CONTAINER_CREDENTIALS_RELATIVE_URI
Current Behavior
It tries to connect to http://169.254.169.254/latest/meta-data/iam/security-credentials/ but it fails.
The IP address is hardcoded here:
aws-sdk-go-v2/feature/ec2/imds/api_client.go
Line 59 in 49b368e
Reproduction Steps
The example from the docs will do:
But make sure to run it inside a Docker container on Fargate, for example with this task-definition.json
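The resolution reported in this issue (the policy must sit on the task role, not only on the task execution role) can be checked before deployment and from inside the container. The following is an added example, not code from the issue or from the SDK; the function names `CheckTaskDef` and `CredentialSource` are hypothetical and the sample task definitions and role ARNs are constructed placeholders.

```go
package main

import (
	"encoding/json"
	"fmt"
	"os"
)

// Constructed sample task definitions; the role ARNs are placeholders.
const sampleBroken = `{"family":"mailer","executionRoleArn":"arn:aws:iam::111122223333:role/example-execution-role"}`
const sampleFixed = `{"family":"mailer","executionRoleArn":"arn:aws:iam::111122223333:role/example-execution-role","taskRoleArn":"arn:aws:iam::111122223333:role/example-task-role"}`

// taskDef holds the two role fields of an ECS task definition.
type taskDef struct {
	TaskRoleArn      string `json:"taskRoleArn"`
	ExecutionRoleArn string `json:"executionRoleArn"`
}

// CheckTaskDef (hypothetical helper) returns a finding for a role problem in a task definition.
func CheckTaskDef(raw []byte) ([]string, error) {
	var td taskDef
	if err := json.Unmarshal(raw, &td); err != nil {
		return nil, fmt.Errorf("parse task definition: %w", err)
	}
	var findings []string
	switch {
	case td.TaskRoleArn == "":
		findings = append(findings, "taskRoleArn is not set: policies on executionRoleArn are not available to code in the container")
	case td.TaskRoleArn == td.ExecutionRoleArn:
		findings = append(findings, "taskRoleArn equals executionRoleArn: the application also holds the permissions meant for the ECS agent")
	}
	return findings, nil
}

// CredentialSource (hypothetical helper) reports, from inside the container, where
// task role credentials would be fetched. getenv is injected so it can be tested.
func CredentialSource(getenv func(string) string) string {
	if rel := getenv("AWS_CONTAINER_CREDENTIALS_RELATIVE_URI"); rel != "" {
		return "container endpoint http://169.254.170.2" + rel
	}
	return "no container credentials URI set; expect the IMDS attempt at 169.254.169.254 seen in this issue"
}

func main() {
	for _, s := range []string{sampleBroken, sampleFixed} {
		findings, err := CheckTaskDef([]byte(s))
		fmt.Println(findings, err)
	}
	fmt.Println(CredentialSource(os.Getenv))
}
```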