Open peteristhegreat opened 2 years ago
So we found a solution outside of julia for this...
https://aws.amazon.com/premiumsupport/knowledge-center/ec2-expired-token/
The steps we followed were to install an Instance IAMRole and not rely on the 5 minute or 15 minute token files that are defaulted in Cloud9.
Turn off the current credentials scheme (https://www.eksworkshop.com/020_prerequisites/workspaceiam/)
aws cloud9 update-environment --environment-id $C9_PID --managed-credentials-action DISABLE
rm -vf ${HOME}/.aws/credentials
Create an instance IAM role...
Select trusted entity
AWS service
Use case
EC2
Add permissions # similar to developer IAM group
(what you need for julia to perform thru AWS SDK)
Name
Cloud9Instance # or whatever you want to call it
Go to the EC2 instance for the Cloud9 environment
Context: EC2 > Instance (for cloud9)
Actions > Security > Modify IAM role
Cloud9Instance
Verify the instance is getting the new credentials properly.
curl http://169.254.169.254/latest/meta-data/iam/security-credentials/Cloud9Instance
aws configure list
Note that the credentials refresh once a day instead of every few minutes.
The expired token was getting injected in the result that the AWS SDK was returning. The doubled up xml failed in parsexml in
XMLDict
. This appears to be a kind of race condition on token refresh on AWS Cloud9. If I wait long enough between AWS calls, the next call has this error very consistently.Maybe the solution is to split the response from the AWS SDK if the string
<?xml version=\"1.0\" encoding=\"UTF-8\"?>
shows up more than once? For now I am putting a dummy call before my real call with a try catch around it, just so theExpiredToken
, doesn't crash my process.XMLDict.jl
Putting an xml dump in XMLDict showed me this (but without the whitespace):
AWS cli version included in Cloud9 on ubuntu 18.04
Julia version