aws / aws-sdk-cpp

AWS SDK for C++
Apache License 2.0
1.98k stars 1.06k forks source link

example streaming app fails with "A complete signal was sent without the preceding empty frame" #2765

Closed davehorton closed 11 months ago

davehorton commented 12 months ago

Describe the bug

When I try building and running the "getTranscript" example (aws-doc-sdk-examples/cpp/example_code/transcribe) it fails like this:

./get_transcript
Starting...
ERROR: A complete signal was sent without the preceding empty frame.

at that point it hangs.

cmake output when building the example

root@ip-10-0-130-115:/usr/local/src/aws-doc-sdk-examples/cpp/example_code/transcribe/build# cmake ..
-- The CXX compiler identification is GNU 12.2.0
-- Detecting CXX compiler ABI info
-- Detecting CXX compiler ABI info - done
-- Check for working CXX compiler: /usr/bin/c++ - skipped
-- Detecting CXX compile features
-- Detecting CXX compile features - done
-- Found AWS SDK for C++, Version: 1.11.202, Install Root:/usr/local, Platform Prefix:, Platform Dependent Libraries: pthread;crypto;ssl;z;curl
-- Components specified for AWSSDK: transcribe;transcribestreaming, application will be depending on libs: aws-cpp-sdk-transcribe;aws-cpp-sdk-transcribestreaming;aws-cpp-sdk-core
-- Try finding aws-cpp-sdk-core
-- Performing Test CMAKE_HAVE_LIBC_PTHREAD
-- Performing Test CMAKE_HAVE_LIBC_PTHREAD - Success
-- Found Threads: TRUE
-- Found crypto: /usr/lib/x86_64-linux-gnu/libcrypto.a
-- LibCrypto Include Dir: /usr/include
-- LibCrypto Shared Lib:  /usr/lib/x86_64-linux-gnu/libcrypto.so
-- LibCrypto Static Lib:  /usr/lib/x86_64-linux-gnu/libcrypto.a
-- Found OpenSSL: /usr/lib/x86_64-linux-gnu/libcrypto.so (found version "3.0.11")
-- Found aws-cpp-sdk-core
-- Try finding aws-cpp-sdk-transcribestreaming
-- Found aws-cpp-sdk-transcribestreaming
-- Try finding aws-cpp-sdk-transcribe
-- Found aws-cpp-sdk-transcribe
-- Configuring done (0.3s)
-- Generating done (0.0s)
-- Build files have been written to: /usr/local/src/aws-doc-sdk-examples/cpp/example_code/transcribe/build

API log file at debug level

aws_sdk_2023-11-21-15.log

I have seen other issues noting similar issues, but those were mainly on windows (and there were no good resolutions that I could find). This is a debian 12 build. I am using the latest version of libcurl (8.4.0) because I first tried the version installed with debian 12 and found the same issue. I was hoping an upgrade to libcurl might resolve the issue but it did not.

As noted, I have seen several different issues opened for similar errors and no real resolutions: #1743, #599, #1805, #1806, #1747. This is causing me to lose confidence in the SDK, frankly. Should I be writing to the lower-level websocket interface? This would not be my preference, as it is more complex, but I need something that works. I will note that earlier versions of the SDK (1.8.129) worked fine for me; it is only when trying to upgrade to the latest that things stopped working.

Expected Behavior

I expected the example app to return transcripts

Current Behavior

No transcripts were returned, instead the error "A complete signal was sent without the preceding empty frame."

Reproduction Steps

Possible Solution

No response

Additional Information/Context

No response

AWS CPP SDK version used

1.11.202

Compiler and Version used

gcc (Debian 12.2.0-14) 12.2.0

Operating System and version

debian 12

davehorton commented 12 months ago

I should have noted this additional piece of info -- I did change the example slightly to authenticate based on access key/secret access key credentials since this is what I want to do (note: I have deleted the access key used for the test after the fact). So the code with my slight change looked like this

int main() {
    Aws::SDKOptions options;
    options.loggingOptions.logLevel = Aws::Utils::Logging::LogLevel::Debug;
    Aws::InitAPI(options);
    {
        //TODO(User): Set to the region of your AWS account.
        const Aws::String region = Aws::Region::US_EAST_1;

        Aws::Utils::Threading::Semaphore canCloseStream(0 /*initialCount*/, 1 /*maxCount*/);

        //Load a profile that has been granted AmazonTranscribeFullAccess AWS managed permission policy.
        Aws::Client::ClientConfiguration config;
        config.region = region;

        // Set your AWS Access Key and Secret Key here
const Aws::String aws_access_key_id = "AKIAVXXXXXXXXXX";
const Aws::String aws_secret_access_key = "Tf1XlvlYYYYYYYYYYYYYYYYYYYYY";

// Create an AWSCredentials object
Aws::Auth::AWSCredentials credentials(aws_access_key_id, aws_secret_access_key);

// Use the credentials when creating your client
TranscribeStreamingServiceClient client(credentials, config);

When I look at the log file generated, what is interesting is that I see a 403 Forbidden with a message that the IAM role does not have permissions

[TRACE] 2023-11-21 16:01:51.265 CurlHttpClient [140561279973056] HTTP/1.1 403 Forbidden^M

[DEBUG] 2023-11-21 16:01:51.265 CURL [140561279973056] (HeaderIn) x-amzn-RequestId: e34a7444-0c5c-4a2e-9127-1d7d7fd0f8a5^M

[TRACE] 2023-11-21 16:01:51.265 CurlHttpClient [140561279973056] x-amzn-RequestId: e34a7444-0c5c-4a2e-9127-1d7d7fd0f8a5^M

[DEBUG] 2023-11-21 16:01:51.265 CURL [140561279973056] (HeaderIn) x-amzn-ErrorType: AccessDeniedException:http://internal.amazon.com/coral/com.amazon.coral.service/^M

[TRACE] 2023-11-21 16:01:51.265 CurlHttpClient [140561279973056] x-amzn-ErrorType: AccessDeniedException:http://internal.amazon.com/coral/com.amazon.coral.service/^M

[DEBUG] 2023-11-21 16:01:51.265 CURL [140561279973056] (HeaderIn) Date: Tue, 21 Nov 2023 16:01:51 GMT^M

[TRACE] 2023-11-21 16:01:51.265 CurlHttpClient [140561279973056] Date: Tue, 21 Nov 2023 16:01:51 GMT^M

[DEBUG] 2023-11-21 16:01:51.265 CURL [140561279973056] (HeaderIn) Content-Type: application/x-amz-json-1.1^M

[TRACE] 2023-11-21 16:01:51.265 CurlHttpClient [140561279973056] Content-Type: application/x-amz-json-1.1^M

[DEBUG] 2023-11-21 16:01:51.265 CURL [140561279973056] (HeaderIn) Content-Length: 274^M

[TRACE] 2023-11-21 16:01:51.265 CurlHttpClient [140561279973056] Content-Length: 274^M

[DEBUG] 2023-11-21 16:01:51.265 CURL [140561279973056] (HeaderIn) connection: keep-alive^M

[TRACE] 2023-11-21 16:01:51.265 CurlHttpClient [140561279973056] connection: keep-alive^M

[TRACE] 2023-11-21 16:01:51.265 CurlHttpClient [140561279973056] ^M

[DEBUG] 2023-11-21 16:01:51.265 CURL [140561279973056] (Text) HTTP error before end of send, stop sending

[DEBUG] 2023-11-21 16:01:51.265 CURL [140561279973056] (HeaderIn) ^M

[DEBUG] 2023-11-21 16:01:51.265 CURL [140561279973056] (SSLDataIn) 5bytes
[DEBUG] 2023-11-21 16:01:51.265 CURL [140561279973056] (SSLDataIn) 1bytes
[DEBUG] 2023-11-21 16:01:51.265 CURL [140561279973056] (DataIn) {"Message":"User: arn:aws:sts::376027039782:assumed-role/jambonz-xyz-IamCloudwatchRole-SjG5F5YbCatG/i-03f9fe354283ede00 is not authorized to perform: transcribe:StartStreamTranscription because no identity-based policy allows the transcribe:StartStreamTranscription action"}

Given that I am trying to authenticate based on an access key / secret access key, and not the IAM role that the EC2 instance has, I am confused about why it is using the IAM role to authenticate with.

jmklix commented 11 months ago

I'm able to successfully compile and run the unmodified sample on debian 12. I think you might be running into these errors because of IAM permissions aren't set up correctly and/or the curl version you are using might be causing problems. Can you take a look at this issue here to make sure you are using the correct curl version?

To make sure the IAM role that you are using is correct can you reply with the JSON permissions you have attached to your access key?

github-actions[bot] commented 11 months ago

Greetings! It looks like this issue hasn’t been active in longer than a week. We encourage you to check if this is still an issue in the latest release. Because it has been longer than a week since the last update on this, and in the absence of more information, we will be closing this issue soon. If you find that this is still a problem, please feel free to provide a comment or add an upvote to prevent automatic closure, or if the issue is already closed, please feel free to open a new one.

davehorton commented 11 months ago

I'm going to close for now. I switched to using the websockets api, and I am pretty happy with that.

github-actions[bot] commented 11 months ago

⚠️COMMENT VISIBILITY WARNING⚠️

Comments on closed issues are hard for our team to see. If you need more assistance, please either tag a team member or open a new issue that references this one. If you wish to keep having a conversation with other community members under this issue feel free to do so.