aws / aws-sdk-go-v2

AWS SDK for the Go programming language.
https://aws.github.io/aws-sdk-go-v2/docs/
Apache License 2.0

config.LoadDefaultConfig(context.Background(), config.WithRegion(defaultRegion) -- returns cfg.Credentials == Nil #2691

mpremo closed 3 months ago

mpremo commented 3 months ago

Describe the bug

Within my ECS container, task IAM role is set up, credentials are available via the AWS_CONTAINER_CREDENTIALS_RELATIVE_URI.

When attempting to LoadDefaultConfig(), the cfg.credentials is NIL, which then errors out.

Using this guide as a reference: https://aws.github.io/aws-sdk-go-v2/docs/sdk-utilities/rds/

Expected Behavior

I'd like to build an auth token to use for RDS access. LoadDefaultConfig should auto-retrieve those variables to use for buildAuthToken().

Current Behavior

cfg.Credentials is NIL

[aws.GetRDSAuthenticationToken]: [auth.BuildAuthToken] failed to create authentication token: credetials provider must not ne nil

https://github.com/aws/aws-sdk-go-v2/blob/feature/rds/auth/v1.4.12/feature/rds/auth/connect.go#L60

Reproduction Steps

Was on AWS Biz support for several hours today. We confirmed it's not a connectivity or authentication issue. Can connect to DB manually & authenticate manually from within the container.

Possible Solution

We aren't sure, but it's probably something obvious...

Additional Information/Context

This is the precedence of events. We are trying for item #3 in the list. https://aws.github.io/aws-sdk-go-v2/docs/configuring-sdk/#specifying-credentials

-- If your application uses an ECS task definition or RunTask API operation, IAM role for tasks.

AWS Go SDK V2 Module Versions Used


Compiler and Version used

go version go1.22.2 darwin/arm64

Operating System and version

https://hub.docker.com/layers/library/golang/1.21-bookworm/images/sha256-c3a19cd5704772e61a2da33214219eb0004f3d7a3229d0f9538d9aab9cd43aa2?context=explore

mpremo commented 3 months ago

Including code snippets for possible error between keyboard & chair. Or misunderstanding the right params for LoadDefaultConfig() to work for ECS IAM creds.

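import (
    "context"
    "fmt"

    "github.com/aws/aws-sdk-go-v2/config"
    "github.com/aws/aws-sdk-go-v2/feature/rds/auth"
)

const defaultRegion = "us-east-2"

// WithIAMConfig loads the default SDK configuration (region pinned to defaultRegion).
func WithIAMConfig() Option {
    // a is received by value, so the assignment to a.config below is made on a copy.
    return func(a awsService) error {
        cfg, err := config.LoadDefaultConfig(context.Background(), config.WithRegion(defaultRegion))
        if err != nil {
            return fmt.Errorf("[config.LoadDefaultConfig]: %w", err)
        }
        a.config = cfg
        return nil
    }
}

// GetRDSAuthenticationToken builds an IAM auth token for the database at endpoint:5432.
func (a awsService) GetRDSAuthenticationToken(ctx context.Context, endpoint string, username string) (string, error) {
    authenticationToken, err := auth.BuildAuthToken(
        context.Background(),
        fmt.Sprintf("%s:%s", endpoint, "5432"),
        defaultRegion,
        username, // Database Account
        a.config.Credentials,
    )
    if err != nil {
        return "", fmt.Errorf("[auth.BuildAuthToken] failed to create authentication token: %w ", err)
    }
    return authenticationToken, nil
}
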
mpremo commented 3 months ago

Root cause has been found! Woot!

Coding error with passing by variable instead of reference. Will refactor this to be more straightforward in the future.
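
The root cause reported above, reproduced as an added example that is not part of the original thread or of the SDK: an option that receives the service by value writes the loaded config to a copy, while a pointer option reaches the caller, and a nil check at construction fails closed. The types `credentialsProvider`, `sdkConfig`, `service` and the function `loadConfig` are hypothetical stand-ins for `aws.CredentialsProvider`, `aws.Config`, the poster's `awsService` and `config.LoadDefaultConfig`, so the block runs without the SDK.

```go
package main

import (
	"errors"
	"fmt"
)

// Hypothetical stand-ins for the SDK types and loader; all values are constructed.
type credentialsProvider interface{ Name() string }
type staticProvider struct{}
type sdkConfig struct{ Credentials credentialsProvider }
type service struct{ config sdkConfig }

func (staticProvider) Name() string { return "constructed-provider" }
func loadConfig() (sdkConfig, error) { return sdkConfig{Credentials: staticProvider{}}, nil }

var errNoCredentials = errors.New("credentials provider is nil")

// byValue receives a copy of service: the assignment never reaches the caller.
func byValue(s service) error {
	cfg, err := loadConfig()
	s.config = cfg
	return err
}

// byPointer writes through to the caller's service.
func byPointer(s *service) error {
	cfg, err := loadConfig()
	s.config = cfg
	return err
}

// newService applies the option, then fails closed if no provider was set.
func newService(opt func(*service) error) (*service, error) {
	s := &service{}
	if err := opt(s); err != nil {
		return nil, err
	}
	if s.config.Credentials == nil {
		return nil, errNoCredentials
	}
	return s, nil
}

func main() {
	_, err := newService(func(s *service) error { return byValue(*s) })
	fmt.Println("option by value:", err)
	s, err := newService(byPointer)
	fmt.Println("option by pointer:", s.config.Credentials.Name(), err)
}
```

Checking for a nil provider when the service is built surfaces the mistake at startup instead of at the first token request.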
