search

aws / aws-sdk-cpp

AWS SDK for C++
Apache License 2.0
1.96k stars 1.06k forks source link

It is taking Default credential provider even if I am providing a specific named profile #2343

Closed ank8690 closed 2 months ago

ank8690 commented 1 year ago

I am working on a desktop application which uses AWS-SDK-CPP on windows and encountered an awkward behavior because I am not getting the correct result for the named profile. The interesting fact is that it was sometimes giving network error, sometimes Access Denied. I have this profile defined in .aws/credentials:

[profile-name]
aws_access_key_id=xxxxxxxxxxx
aws_secret_access_key=xxxxxxxxxxxyyyyyyyyyyyyyyyyyyyyy

My config file looks like:

[profile profile-name]
region=eu-central-1
output=json

My Actual code is:

Aws::S3::S3ClientConfiguration config(m_ProfileName.c_str());
Aws::Auth::ProfileConfigFileAWSCredentialsProvider provider(m_ProfileName.c_str());
auto credentials = provider.GetAWSCredentials();
std::shared_ptr<Aws::S3::S3EndpointProvider> endPoint = Aws::MakeShared<Aws::S3::S3EndpointProvider>(Aws::S3::S3Client::SERVICE_NAME);
// After Several hours of amazing debugging journey, I found that I was not using the proper constructor
m_s3Client = new Aws::S3::S3Client( credentials, endPoint, config);
Aws::S3::Model::ListObjectsV2Request req;
req.SetBucket(m_bucketName);
Aws::S3::Model::ListObjectsV2Outcome outcome = m_s3Client->ListObjectsV2(req);
if(outcome.IsSuccess())
{
        std::cout << "Connection to AWS is successful. Files will be uploaded to bucket : " << m_bucketName << "\n";
}
else
{
    auto err = outcome.GetError();
    std::cout << "Verification failed, ExceptionName = "<< err.GetExceptionName() << ", Message = " <<
                 , err.GetMessage() << "\n";
}

Expected Behavior

Connection to AWS is successful. Files will be uploaded to bucket

Current Behavior

Verification failed, ExceptionName = AccessDenied, Message = Access Denied

Reproduction Steps

If you use the above code with required header files, then you will be able to reproduce it.

Possible Solution

I am trying to use my own code for reading the credentials (instead of a credential provider written in AWS SDK) from the file and then it works. Here is the code sample: auto credentials = readCredentialsFromAwsCredFile(m_ProfileName);

Additional Information/Context

If one used this constructor for S3 Client: m_s3Client = new Aws::S3::S3Client(config) where config is defined as: Aws::S3::S3ClientConfiguration config(m_ProfileName.c_str()); then only it will be calling default credentials provider, but I don't think that is correct behavior. Once I have defined specific named profile, then it should use that everywhere and should never override that.

Otherwise, if you use the constructor like this: m_s3Client = new Aws::S3::S3Client( credentials, endPoint, config); then it will use SimpleCredentialProvider and works fine.

AWS CPP SDK version used

1.11.8

Compiler and Version used

Microsoft Visual C++ Compiler 17.4.33213.308 (x86_amd64)

Operating System and version

Windows 10

jmklix commented 1 year ago

Are you making sure to setup the sdk correctly with:

Aws::SDKOptions options;
Aws::InitAPI(options);
{
    //your code here
}
Aws::ShutdownAPI(options);

I am trying to use my own code for reading the credentials (instead of a credential provider written in AWS SDK) from the file and then it works. Can you successfully use the credential provider written in AWS SDK? Is there a specific reason that you are trying to avoid using the build in credentials provider?

ank8690 commented 1 year ago

Yes, I have setup the sdk correctly with InitAPI and ShutdownAPI. If I use the credentials provider for named profiles, it is trying to override the credentials somewhere in SDK as per my understanding while I debugged inside. Can you let me know by seeing the above code if I missed something in using credentials anywhere?

jmklix commented 2 months ago

I can successfully use a non default profile when using the code that you have above. I would check to make sure you are using the correct endpoint, that the region you have set is correct, and any other possible settings. Please let me know if you still have any questions about setting up credentials with this sdk

github-actions[bot] commented 2 months ago

Greetings! It looks like this issue hasn’t been active in longer than a week. We encourage you to check if this is still an issue in the latest release. Because it has been longer than a week since the last update on this, and in the absence of more information, we will be closing this issue soon. If you find that this is still a problem, please feel free to provide a comment or add an upvote to prevent automatic closure, or if the issue is already closed, please feel free to open a new one.