Unable to Connect to STS if using a VPC #4301

Closed
SolYs02 opened this issue Oct 14, 2024 · 3 comments
Labels: bug, closed-for-staleness, p2, response-requested, sts

SolYs02 commented Oct 14, 2024

Describe the bug

When I attempt to send an STS message from a Lambda function in a VPC, I encounter a timeout issue. I tried using the VPC Link, but it didn’t work.

This solution resolved the problem:

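```python
import os

import boto3

# Point the STS client at the regional endpoint instead of the global one
assumed_role = boto3.client(
    "sts",
    endpoint_url=f"https://sts.{os.environ['AWS_REGION']}.amazonaws.com",
)
```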

Expected Behavior

Successfully executed boto3's sts.get_caller_identity().

Current Behavior

Received a timeout error.

Reproduction Steps

Create a VPC without internet access, add an STS interface endpoint, and then attempt to call boto3's sts.get_caller_identity().

tim-finnigan self-assigned this Oct 17, 2024

tim-finnigan (Contributor) commented

Thanks for reaching out. Can you please share a complete code snippet for reproducing the issue? Also, could you share debug logs (with any sensitive info redacted)? You can get the logs by adding boto3.set_stream_logger('') to your script after importing boto3.

github-actions bot commented

Greetings! It looks like this issue hasn’t been active in longer than five days. We encourage you to check if this is still an issue in the latest release. In the absence of more information, we will be closing this issue soon. If you find that this is still a problem, please feel free to provide a comment or upvote with a reaction on the initial post to prevent automatic closure. If the issue is already closed, please feel free to open a new one.

github-actions bot closed this as completed Nov 1, 2024

SolYs02 commented Nov 6, 2024

I already found the root cause; it is similar to issues like #3311.
The endpoint that SQS tries to access lacks the region (e.g. https://sts.amazonaws.com) and that doesn't work inside a VPC since the private DNS of a VPCe includes the region.
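
One way to confirm the root cause described above from the debug output requested earlier in the thread, as an added example that is not part of the issue or of boto3's own code: it scans log text for STS endpoint URLs and flags any that lack the function's region. The helper names and the sample log lines are constructed for illustration; `make_regional_sts_client` mirrors the workaround from the first comment.

```python
import os
import re
from urllib.parse import urlsplit

# Matches STS endpoint URLs in free text such as captured debug output.
STS_URL = re.compile(r"https://sts(?:\.[a-z0-9-]+)?\.amazonaws\.com")


def regional_sts_url(region):
    """Regional STS endpoint, the form used in the issue's workaround."""
    return f"https://sts.{region}.amazonaws.com"


def classify(url, region):
    """Return 'regional', 'global' or 'other-region' for an STS endpoint URL."""
    host = urlsplit(url).hostname or ""
    if host == f"sts.{region}.amazonaws.com":
        return "regional"
    if host == "sts.amazonaws.com":
        return "global"  # no region in the name: times out in a VPC without internet access
    return "other-region"


def audit_log(text, region):
    """Group every STS URL found in the log text by its classification."""
    found = {}
    for url in STS_URL.findall(text):
        found.setdefault(classify(url, region), set()).add(url)
    return found


def make_regional_sts_client(region=None):
    """Build an STS client pinned to the regional endpoint (requires boto3)."""
    import boto3  # imported lazily so the checks above run without it
    region = region or os.environ["AWS_REGION"]
    return boto3.client("sts", region_name=region,
                        endpoint_url=regional_sts_url(region))


# Constructed sample text for illustration, not real boto3 output.
SAMPLE_LOG = """\
DEBUG request url=https://sts.amazonaws.com/ operation=GetCallerIdentity
DEBUG request url=https://sts.eu-west-1.amazonaws.com/ operation=GetCallerIdentity
"""

if __name__ == "__main__":
    for kind, urls in sorted(audit_log(SAMPLE_LOG, "eu-west-1").items()):
        print(kind, sorted(urls))
```

Any URL reported under `global` or `other-region` is a call that will not reach an STS interface endpoint created in the function's own region.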
