aws / aws-sdk-java-v2

The official AWS SDK for Java - Version 2
Apache License 2.0

SecretsManagerClient throws can't find credentials while using snapstart #4312

Closed RickVerkuijlen closed 1 year ago

RickVerkuijlen commented 1 year ago

Describe the bug

We want to fetch a value from Secrets Manager using the AWS SDK. When using the SecretsManagerClient with SnapStart enabled, the client cannot find the AWS credentials. Other services (like the IotClient) do seem to find the credentials.

The bug is gone when SnapStart is disabled.

Expected Behavior

The client should find the credentials that are used by the Lambda, like other SDK clients.

Current Behavior

software.amazon.awssdk.core.exception.SdkClientException: Unable to load credentials from system settings. Access key must be specified either via environment variable (AWS_ACCESS_KEY_ID) or system property (aws.accessKeyId). | Caused by: software.amazon.awssdk.core.exception.SdkClientException: Unable to load credentials from system settings. Access key must be specified either via environment variable (AWS_ACCESS_KEY_ID) or system property (aws.accessKeyId).

Reproduction Steps

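    import org.slf4j.Logger;
    import org.slf4j.LoggerFactory;
    import software.amazon.awssdk.services.secretsmanager.SecretsManagerClient;
    import software.amazon.awssdk.services.secretsmanager.model.GetSecretValueRequest;
    import software.amazon.awssdk.services.secretsmanager.model.GetSecretValueResponse;
    import software.amazon.awssdk.services.secretsmanager.model.SecretsManagerException;

    public class SecretsService {
        // The post does not show LOGGER's declaration; SLF4J is assumed here.
        private static final Logger LOGGER = LoggerFactory.getLogger(SecretsService.class);

        private final SecretsManagerClient secretsClient;

        public SecretsService() {
            // create() builds the client with the SDK's default configuration.
            secretsClient = SecretsManagerClient.create();
        }

        public String getDownloadServiceSecret() {
            String secret;
            try {
                GetSecretValueRequest valueRequest = GetSecretValueRequest.builder()
                        .secretId("download-service-secret")
                        .build();

                GetSecretValueResponse valueResponse = secretsClient.getSecretValue(valueRequest);
                secret = valueResponse.secretString();
            } catch (SecretsManagerException e) {
                // Service-side errors are logged and an empty string is returned.
                LOGGER.error(e.awsErrorDetails().errorMessage());
                return "";
            }
            return secret;
        }
    }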

Possible Solution

Use the same way of fetching AWS credentials as the other SDK clients.

Additional Information/Context

No response

AWS Java SDK version used

2.19.19 (Also happens with latest version)

JDK version used

11

Operating System and version

Happens on AWS Lambda with SnapStart. Locally it works (macOS).

RickVerkuijlen commented 1 year ago

I've experienced this on more than one SDK right now. It also happens on the S3Client.

RickVerkuijlen commented 1 year ago

Next time, I need to take a closer look at the documentation: https://docs.aws.amazon.com/lambda/latest/dg/snapstart-activate.html#snapstart-credentials

plachanc73 commented 1 year ago

@RickVerkuijlen I am curious to get more details on the solution you put in place to fix your issue. As a solution, did you add those variables as documented in https://docs.aws.amazon.com/lambda/latest/dg/snapstart-activate.html#snapstart-credentials? If yes, how did you determine the appropriate values for those variables?

    AWS_CONTAINER_CREDENTIALS_FULL_URI=http://localhost/get-credential
    AWS_CONTAINER_AUTHORIZATION_TOKEN=Basic abcd