aws / aws-codedeploy-agent

Host Agent for AWS CodeDeploy
https://aws.amazon.com/codedeploy
Apache License 2.0
328 stars 188 forks

AWS proxy on /etc/profile.d/proxy.sh resulting in 'HTTP/1.1 400 Bad Request', 'AccessDeniedException' #338

Closed silvian-io closed 1 year ago

silvian-io commented 1 year ago

Hello,

I face one case where I am not able to run the agent through a proxy.

CASE 1: I edit /etc/profile.d/proxy.sh with the following content:

export http_proxy="http://proxy.station:3128"
export https_proxy="http://proxy.station:3128"
export HTTP_PROXY="http://proxy.station:3128"
export HTTPS_PROXY="http://proxy.station:3128"
export no_proxy='.amazonaws.com'
export NO_PROXY='.amazonaws.com'

I added :proxy_uri: http://proxy.station:3128 to the etc/codedeploy-agent/conf/codedeployagent.yml file and I am getting the following error in codedeploy-agent.aws_wire.log:

opening connection to proxy.station:3128...
opened
<- "CONNECT codedeploy-commands.us-east-2.amazonaws.com:443 HTTP/1.1\r\nHost: codedeploy-commands.us-east-2.amazonaws.com:443\r\nProxy-Authorization: Basic Og==\r\n\r\n"
-> "HTTP/1.1 200 Connection established\r\n"
-> "\r\n"
starting SSL for proxy.station:3128...
SSL established, protocol: TLSv1.2, cipher: ECDHE-RSA-AES128-GCM-SHA256
<- "POST / HTTP/1.1\r\nContent-Type: application/x-amz-json-1.1\r\nAccept-Encoding: \r\nUser-Agent: aws-sdk-ruby3/3.109.0 ruby/2.7.0 x86_64-linux-gnu aws-sdk-codedeploycommand/1.0.0\r\nX-Amz-Target: CodeDeployCommandService_v20141006.PollHostCommand\r\nX-Amz-Codedeploy-Agent-Version: OFFICIAL_1.3.2-1902_deb\r\nHost: codedeploy-commands.us-east-2.amazonaws.com\r\nX-Amz-Date: 20221101T201124Z\r\n
<CONTENT STRIPPED>
\r\nContent-Length: 84\r\nAccept: */*\r\n\r\n"
-> "HTTP/1.1 400 Bad Request\r\n"
-> "x-amzn-RequestId: <CONTENT STRIPPED>\r\n"
-> "Date: Tue, 01 Nov 2022 20:11:24 GMT\r\n"
-> "Content-Type: application/x-amz-json-1.1\r\n"
-> "Content-Length: 34\r\n"
-> "\r\n"
reading 34 bytes...
-> ""
-> "{\"__type\":\"AccessDeniedException\"}"
read 34 bytes
Conn keep-alive
I, [2022-11-01T20:11:24.807476 #125877]  INFO -- : [Aws::CodeDeployCommand::Client 400 0.034513 0 retries] poll_host_command(host_identifier:"arn:aws:ec2:us-east-2:<CLIENT_ID>:instance/<INSTANCE_ID>") Aws::CodeDeployCommand::Errors::AccessDeniedException

What is strange is that this is the PROXY server EC2 instance id, not the one that I am running the agent from. The same is obtained if I leave :proxy_uri: empty.

CASE 2: /etc/profile.d/proxy.sh is empty and :proxy_uri: http://proxy.station:3128 is configured. Everything works fine through the proxy. The log appears without errors and it is the host that runs the agent this time.

Is there a way to keep the /etc/profile.d/proxy.sh with all the entries as I need them for the environment and have the codedeploy agent work at the same time?

@ccloes-intuit, @suryanarayanan, is this something related to #12 ?

Thank you for your help


CodeDeploy Agent was restarted after each modification/option tried.

I use :

t0shiii commented 1 year ago

We have regression testing around the proxy_uri setting and are not seeing any issues.
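
Added example (not part of the thread and not the agent's own code): a Ruby check for the symptom reported in the first comment, where the `host_identifier` logged for `poll_host_command` named a different instance than the one running the agent. The log lines, account ID and instance IDs below are constructed placeholders, and `audit_poll_identity` is a hypothetical helper name.

```ruby
# Added example: scan codedeploy-agent.aws_wire.log text for poll_host_command
# calls and flag any whose host_identifier is not the agent's own instance.
POLL_LINE = /
  \[Aws::CodeDeployCommand::Client\s+(?<status>\d{3})\s[^\]]*\]\s+
  poll_host_command\(host_identifier:"(?<arn>arn:aws:ec2:[^"]+)"\)
  \s*(?<error>\S+)?
/x

# Returns one hash per poll_host_command line found in log_text.
def audit_poll_identity(log_text, expected_instance_id)
  log_text.each_line.map do |line|
    m = POLL_LINE.match(line)
    next unless m

    # ARN layout: arn:aws:ec2:<region>:<account>:instance/<instance-id>
    _, _, _, region, account, resource = m[:arn].split(':', 6)
    instance_id = resource.to_s.sub(%r{\Ainstance/}, '')
    {
      region: region,
      account: account,
      instance_id: instance_id,
      status: m[:status].to_i,
      error: m[:error]&.split('::')&.last,
      identity_mismatch: instance_id != expected_instance_id
    }
  end.compact
end

# Constructed sample input: IDs are placeholders, not values from the issue.
AGENT_INSTANCE_ID = 'i-0bbbbbbbbbbbbbbb2'
SAMPLE_LOG = <<~'LOG'
  -> "HTTP/1.1 400 Bad Request\r\n"
  I, [2022-11-01T20:11:24.807476 #125877]  INFO -- : [Aws::CodeDeployCommand::Client 400 0.034513 0 retries] poll_host_command(host_identifier:"arn:aws:ec2:us-east-2:111122223333:instance/i-0aaaaaaaaaaaaaaa1") Aws::CodeDeployCommand::Errors::AccessDeniedException
  I, [2022-11-01T20:15:02.114201 #126010]  INFO -- : [Aws::CodeDeployCommand::Client 200 0.051220 0 retries] poll_host_command(host_identifier:"arn:aws:ec2:us-east-2:111122223333:instance/i-0bbbbbbbbbbbbbbb2")
LOG

if __FILE__ == $PROGRAM_NAME
  audit_poll_identity(SAMPLE_LOG, AGENT_INSTANCE_ID).each do |r|
    flag = r[:identity_mismatch] ? 'MISMATCH' : 'ok'
    puts "#{flag} #{r[:instance_id]} status=#{r[:status]} error=#{r[:error] || '-'}"
  end
end
```

A mismatch means the agent is signing requests as an instance other than the one it runs on, which is the condition the first comment describes alongside the AccessDeniedException.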