Closed mpremo closed 3 months ago
Including code snippets for possible error between keyboard & chair. Or misunderstanding the right params for LoadDefaultConfig() to work for ECS IAM creds.
defaultRegion = "us-east-2"
func WithIAMConfig() Option {
return func(a awsService) error {
cfg, err := config.LoadDefaultConfig(context.Background(), config.WithRegion(defaultRegion))
if err != nil {
return fmt.Errorf("[config.LoadDefaultConfig]: %w", err)
}
a.config = cfg
return nil
}
}
func (a awsService) GetRDSAuthenticationToken(ctx context.Context, endpoint string, username string) (string, error) {
authenticationToken, _ := auth.BuildAuthToken(
context.Background(),
fmt.Sprintf("%s:%s", endpoint, "5432"),
defaultRegion,
username, // Database Account
a.config.Credentials,
)
if err != nil {
return "", fmt.Errorf("[auth.BuildAuthToken] failed to create authentication token: %w ", err)
}
return authenticationToken, nil
}
Root cause has been found! Woot!
Coding error with passing by variable instead of reference. Will refactor this to be more straightforward in the future.
This issue is now closed. Comments on closed issues are hard for our team to see. If you need more assistance, please open a new issue that references this one.
Acknowledgements
go get -u github.com/aws/aws-sdk-go-v2/...
)Describe the bug
Within my ECS container, task IAM role is setup, credentials are available via the AWS_CONTAINER_CREDENTIALS_RELATIVE_URI.
When attempting to LoadDefaultConfig(), the cfg.credentials is NIL, which then errors out.
Using this guide as a reference: https://aws.github.io/aws-sdk-go-v2/docs/sdk-utilities/rds/
Expected Behavior
I'd like to build an auth token to use for RDS access. LoadDefaultConfig should auto-retrieve those variables to use for buildAuthToken().
Current Behavior
cfg.Credentials is NIL
[aws.GetRDSAuthenticationToken]: [auth.BuildAuthToken] failed to create authentication token: credetials provider must not ne nil
https://github.com/aws/aws-sdk-go-v2/blob/feature/rds/auth/v1.4.12/feature/rds/auth/connect.go#L60
Reproduction Steps
Was on AWS Biz support for several hours today. We confirmed it's not a connectivity or authentication issue. Can connect to DB manually & authenticate manually from within the container.
Possible Solution
We aren't sure, but it's probably something obvious...
Additional Information/Context
This is the precedence of events. We are trying for item #3 in the list. https://aws.github.io/aws-sdk-go-v2/docs/configuring-sdk/#specifying-credentials
-- If your application uses an ECS task definition or RunTask API operation, IAM role for tasks.
AWS Go SDK V2 Module Versions Used
github.com/aws/aws-sdk-go-v2@v1.27.2 github.com/aws/smithy-go@v1.20.2 github.com/aws/aws-sdk-go-v2@v1.27.2 github.com/jmespath/go-jmespath@v0.4.0 github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream@v1.6.2 github.com/aws/smithy-go@v1.20.2 github.com/aws/aws-sdk-go-v2/config@v1.27.13 github.com/aws/aws-sdk-go-v2@v1.26.1 github.com/aws/aws-sdk-go-v2/config@v1.27.13 github.com/aws/aws-sdk-go-v2/credentials@v1.17.13 github.com/aws/aws-sdk-go-v2/config@v1.27.13 github.com/aws/aws-sdk-go-v2/feature/ec2/imds@v1.16.1 github.com/aws/aws-sdk-go-v2/config@v1.27.13 github.com/aws/aws-sdk-go-v2/internal/ini@v1.8.0 github.com/aws/aws-sdk-go-v2/config@v1.27.13 github.com/aws/aws-sdk-go-v2/service/sso@v1.20.6 github.com/aws/aws-sdk-go-v2/config@v1.27.13 github.com/aws/aws-sdk-go-v2/service/ssooidc@v1.24.0 github.com/aws/aws-sdk-go-v2/config@v1.27.13 github.com/aws/aws-sdk-go-v2/service/sts@v1.28.7 github.com/aws/aws-sdk-go-v2/config@v1.27.13 github.com/aws/smithy-go@v1.20.2 github.com/aws/aws-sdk-go-v2/config@v1.27.13 github.com/aws/aws-sdk-go-v2/internal/configsources@v1.3.5 github.com/aws/aws-sdk-go-v2/config@v1.27.13 github.com/aws/aws-sdk-go-v2/internal/endpoints/v2@v2.6.5 github.com/aws/aws-sdk-go-v2/config@v1.27.13 github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding@v1.11.2 github.com/aws/aws-sdk-go-v2/config@v1.27.13 github.com/aws/aws-sdk-go-v2/service/internal/presigned-url@v1.11.7 github.com/aws/aws-sdk-go-v2/credentials@v1.17.13 github.com/aws/aws-sdk-go-v2@v1.26.1 github.com/aws/aws-sdk-go-v2/credentials@v1.17.13 github.com/aws/aws-sdk-go-v2/feature/ec2/imds@v1.16.1 github.com/aws/aws-sdk-go-v2/credentials@v1.17.13 github.com/aws/aws-sdk-go-v2/service/sso@v1.20.6 github.com/aws/aws-sdk-go-v2/credentials@v1.17.13 github.com/aws/aws-sdk-go-v2/service/ssooidc@v1.24.0 github.com/aws/aws-sdk-go-v2/credentials@v1.17.13 github.com/aws/aws-sdk-go-v2/service/sts@v1.28.7 github.com/aws/aws-sdk-go-v2/credentials@v1.17.13 github.com/aws/smithy-go@v1.20.2 github.com/aws/aws-sdk-go-v2/credentials@v1.17.13 github.com/aws/aws-sdk-go-v2/internal/configsources@v1.3.5 github.com/aws/aws-sdk-go-v2/credentials@v1.17.13 github.com/aws/aws-sdk-go-v2/internal/endpoints/v2@v2.6.5 github.com/aws/aws-sdk-go-v2/credentials@v1.17.13 github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding@v1.11.2 github.com/aws/aws-sdk-go-v2/credentials@v1.17.13 github.com/aws/aws-sdk-go-v2/service/internal/presigned-url@v1.11.7 github.com/aws/aws-sdk-go-v2/feature/ec2/imds@v1.16.1 github.com/aws/aws-sdk-go-v2@v1.26.1 github.com/aws/aws-sdk-go-v2/feature/ec2/imds@v1.16.1 github.com/aws/smithy-go@v1.20.2 github.com/aws/aws-sdk-go-v2/feature/rds/auth@v1.4.9 github.com/aws/aws-sdk-go-v2@v1.27.2 github.com/aws/aws-sdk-go-v2/feature/rds/auth@v1.4.9 github.com/aws/smithy-go@v1.20.2 github.com/aws/aws-sdk-go-v2/internal/configsources@v1.3.9 github.com/aws/aws-sdk-go-v2@v1.27.2 github.com/aws/aws-sdk-go-v2/internal/configsources@v1.3.9 github.com/aws/smithy-go@v1.20.2 github.com/aws/aws-sdk-go-v2/internal/endpoints/v2@v2.6.9 github.com/aws/aws-sdk-go-v2@v1.27.2 github.com/aws/aws-sdk-go-v2/internal/endpoints/v2@v2.6.9 github.com/aws/smithy-go@v1.20.2 github.com/aws/aws-sdk-go-v2/internal/v4a@v1.3.5 github.com/aws/aws-sdk-go-v2@v1.26.1 github.com/aws/aws-sdk-go-v2/internal/v4a@v1.3.5 github.com/aws/smithy-go@v1.20.2 github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding@v1.11.2 github.com/aws/smithy-go@v1.20.2 github.com/aws/aws-sdk-go-v2/service/internal/checksum@v1.3.7 github.com/aws/aws-sdk-go-v2@v1.26.1 github.com/aws/aws-sdk-go-v2/service/internal/checksum@v1.3.7 github.com/aws/aws-sdk-go-v2/service/internal/presigned-url@v1.11.7 github.com/aws/aws-sdk-go-v2/service/internal/checksum@v1.3.7 github.com/aws/smithy-go@v1.20.2 github.com/aws/aws-sdk-go-v2/service/internal/presigned-url@v1.11.11 github.com/aws/aws-sdk-go-v2@v1.27.2 github.com/aws/aws-sdk-go-v2/service/internal/presigned-url@v1.11.11 github.com/aws/smithy-go@v1.20.2 github.com/aws/aws-sdk-go-v2/service/internal/s3shared@v1.17.5 github.com/aws/aws-sdk-go-v2@v1.26.1 github.com/aws/aws-sdk-go-v2/service/internal/s3shared@v1.17.5 github.com/aws/smithy-go@v1.20.2 github.com/aws/aws-sdk-go-v2/service/s3@v1.53.2 github.com/aws/aws-sdk-go-v2@v1.26.1 github.com/aws/aws-sdk-go-v2/service/s3@v1.53.2 github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream@v1.6.2 github.com/aws/aws-sdk-go-v2/service/s3@v1.53.2 github.com/aws/aws-sdk-go-v2/internal/configsources@v1.3.5 github.com/aws/aws-sdk-go-v2/service/s3@v1.53.2 github.com/aws/aws-sdk-go-v2/internal/endpoints/v2@v2.6.5 github.com/aws/aws-sdk-go-v2/service/s3@v1.53.2 github.com/aws/aws-sdk-go-v2/internal/v4a@v1.3.5 github.com/aws/aws-sdk-go-v2/service/s3@v1.53.2 github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding@v1.11.2 github.com/aws/aws-sdk-go-v2/service/s3@v1.53.2 github.com/aws/aws-sdk-go-v2/service/internal/checksum@v1.3.7 github.com/aws/aws-sdk-go-v2/service/s3@v1.53.2 github.com/aws/aws-sdk-go-v2/service/internal/presigned-url@v1.11.7 github.com/aws/aws-sdk-go-v2/service/s3@v1.53.2 github.com/aws/aws-sdk-go-v2/service/internal/s3shared@v1.17.5 github.com/aws/aws-sdk-go-v2/service/s3@v1.53.2 github.com/aws/smithy-go@v1.20.2 github.com/aws/aws-sdk-go-v2/service/sesv2@v1.29.1 github.com/aws/aws-sdk-go-v2@v1.26.1 github.com/aws/aws-sdk-go-v2/service/sesv2@v1.29.1 github.com/aws/aws-sdk-go-v2/internal/configsources@v1.3.5 github.com/aws/aws-sdk-go-v2/service/sesv2@v1.29.1 github.com/aws/aws-sdk-go-v2/internal/endpoints/v2@v2.6.5 github.com/aws/aws-sdk-go-v2/service/sesv2@v1.29.1 github.com/aws/smithy-go@v1.20.2 github.com/aws/aws-sdk-go-v2/service/sqs@v1.32.0 github.com/aws/aws-sdk-go-v2@v1.26.1 github.com/aws/aws-sdk-go-v2/service/sqs@v1.32.0 github.com/aws/aws-sdk-go-v2/internal/configsources@v1.3.5 github.com/aws/aws-sdk-go-v2/service/sqs@v1.32.0 github.com/aws/aws-sdk-go-v2/internal/endpoints/v2@v2.6.5 github.com/aws/aws-sdk-go-v2/service/sqs@v1.32.0 github.com/aws/smithy-go@v1.20.2 github.com/aws/aws-sdk-go-v2/service/ssm@v1.50.1 github.com/aws/aws-sdk-go-v2@v1.26.1 github.com/aws/aws-sdk-go-v2/service/ssm@v1.50.1 github.com/aws/aws-sdk-go-v2/internal/configsources@v1.3.5 github.com/aws/aws-sdk-go-v2/service/ssm@v1.50.1 github.com/aws/aws-sdk-go-v2/internal/endpoints/v2@v2.6.5 github.com/aws/aws-sdk-go-v2/service/ssm@v1.50.1 github.com/aws/smithy-go@v1.20.2 github.com/aws/aws-sdk-go-v2/service/ssm@v1.50.1 github.com/jmespath/go-jmespath@v0.4.0 github.com/aws/aws-sdk-go-v2/service/sso@v1.20.6 github.com/aws/aws-sdk-go-v2@v1.26.1 github.com/aws/aws-sdk-go-v2/service/sso@v1.20.6 github.com/aws/aws-sdk-go-v2/internal/configsources@v1.3.5 github.com/aws/aws-sdk-go-v2/service/sso@v1.20.6 github.com/aws/aws-sdk-go-v2/internal/endpoints/v2@v2.6.5 github.com/aws/aws-sdk-go-v2/service/sso@v1.20.6 github.com/aws/smithy-go@v1.20.2 github.com/aws/aws-sdk-go-v2/service/ssooidc@v1.24.0 github.com/aws/aws-sdk-go-v2@v1.26.1 github.com/aws/aws-sdk-go-v2/service/ssooidc@v1.24.0 github.com/aws/aws-sdk-go-v2/internal/configsources@v1.3.5 github.com/aws/aws-sdk-go-v2/service/ssooidc@v1.24.0 github.com/aws/aws-sdk-go-v2/internal/endpoints/v2@v2.6.5 github.com/aws/aws-sdk-go-v2/service/ssooidc@v1.24.0 github.com/aws/smithy-go@v1.20.2 github.com/aws/aws-sdk-go-v2/service/sts@v1.28.7 github.com/aws/aws-sdk-go-v2@v1.26.1 github.com/aws/aws-sdk-go-v2/service/sts@v1.28.7 github.com/aws/aws-sdk-go-v2/internal/configsources@v1.3.5 github.com/aws/aws-sdk-go-v2/service/sts@v1.28.7 github.com/aws/aws-sdk-go-v2/internal/endpoints/v2@v2.6.5 github.com/aws/aws-sdk-go-v2/service/sts@v1.28.7 github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding@v1.11.2 github.com/aws/aws-sdk-go-v2/service/sts@v1.28.7 github.com/aws/aws-sdk-go-v2/service/internal/presigned-url@v1.11.7 github.com/aws/aws-sdk-go-v2/service/sts@v1.28.7 github.com/aws/smithy-go@v1.20.2
Compiler and Version used
go version go1.22.2 darwin/arm64
Operating System and version
https://hub.docker.com/layers/library/golang/1.21-bookworm/images/sha256-c3a19cd5704772e61a2da33214219eb0004f3d7a3229d0f9538d9aab9cd43aa2?context=explore