aws / aws-sdk-js-v3

Modularized AWS SDK for JavaScript.
Apache License 2.0

STS Client - Not authorized to perform sts:AssumeRoleWithWebIdentity #6225

Open meenar-se opened 2 days ago

meenar-se commented 2 days ago

Describe the bug

We have deployed an application which uses the SSM Client to read its configuration from SSM Parameter Store, and it is deployed to EKS. When we use @aws-sdk/client-ssm v3.596.0 we get the error `Not authorized to perform sts:AssumeRoleWithWebIdentity`.

Detailed error stack:

```json
{
  "name": "AccessDenied",
  "$fault": "client",
  "$metadata": {
    "httpStatusCode": 403,
    "requestId": "1d07a44e-af6b-4256-8f8d-f02e828023e7",
    "attempts": 1,
    "totalRetryDelay": 0
  },
  "Type": "Sender",
  "Code": "AccessDenied",
  "message": "Not authorized to perform sts:AssumeRoleWithWebIdentity"
}
```

But the same code works fine with @aws-sdk/client-ssm v3.577.0.

SDK version number

@aws-sdk/client-ssm@3.596.0, @aws-sdk/client-sts@3.596.0

Which JavaScript Runtime is this issue in?

Node.js

Details of the browser/Node.js/ReactNative version

v20.15.0

Reproduction Steps

1. Deploy this test project: https://github.com/meenar-se/aws-sdk-issue
2. Call the API: `curl --location --request GET 'localhost:8080/ping'`

Expected behavior: Get the values from SSM parameter

Actual Behavior: Getting Access Denied Exception

```json
{
  "err": {
    "type": "STSServiceException",
    "message": "Not authorized to perform sts:AssumeRoleWithWebIdentity",
    "stack": "AccessDenied: Not authorized to perform sts:AssumeRoleWithWebIdentity\n at throwDefaultError (/fastify-sts-example/node_modules/@smithy/smithy-client/dist-cjs/index.js:839:20)\n at /fastify-sts-example/node_modules/@smithy/smithy-client/dist-cjs/index.js:848:5\n at de_CommandError (/fastify-sts-example/node_modules/@aws-sdk/client-sts/dist-cjs/index.js:476:14)\n at process.processTicksAndRejections (node:internal/process/task_queues:95:5)",
    "name": "AccessDenied",
    "$fault": "client",
    "$metadata": {
      "httpStatusCode": 403,
      "requestId": "1c9069d9-04ad-4e93-85b2-330b10f232c8",
      "attempts": 1,
      "totalRetryDelay": 0
    },
    "Type": "Sender",
    "Code": "AccessDenied"
  },
  "msg": "Error getting SSM Parameter:"
}
```

Observed Behavior

Initially we were using @aws-sdk/client-ssm v3.577.0, which has the peer dependency @aws-sdk/client-sts v3.577.0, and there were no issues. As soon as we upgraded our project to use the latest version, we started facing the issue.

And if we use v3.577.0 there is no issue.

It seems to be an issue with the @aws-sdk/client-sts library, which is added as a peer dependency to all of the client libraries.

Expected Behavior

Expecting to get the credentials and make a connection to AWS services.

Possible Solution

No response

Additional Information/Context

No response

RanVaknin commented 2 days ago

Hi @meenar-se ,

Thanks for reaching out. This is interesting. The error you are seeing is a permissions error and is usually unrelated to the SDK version.

From the description of the problem it sounds like it started happening after upgrading to a more recent version. Does rolling back to version 3.577.0 solve this issue for you? If so, can you please add this middleware hook to your snippet and share the logged request and response both for 3.577.0 and the latest version?

```javascript
const { SSMClient } = require('@aws-sdk/client-ssm')

fastify.get('/ping', async function handler (request, reply) {
    fastify.log.info("ping method started")
    const client = new SSMClient({})

    // Log the outgoing request and the response at the finalizeRequest step
    client.middlewareStack.add(next => async (args) => {
        console.log(args.request)
        const response = await next(args);
        console.log(response);
        return response;
    }, {step: 'finalizeRequest'})

    // rest of the code
})
```

That would allow us to examine exactly what changed in the request to get a better idea of where the discrepancy in behavior might be coming from.

Thanks again, Ran~
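A hardened variant of the logging hook above, as an added example that is not from the issue or the SDK: it redacts the Authorization and session-token headers and any WebIdentityToken or session credentials in the body before logging, so the debug output can be shared without leaking credentials. It assumes the `middlewareStack.add()` shape of AWS SDK for JavaScript v3 clients; the helper names are mine.

```javascript
// Added example (not from the issue or the SDK): a request/response logging
// middleware that redacts credential material before it reaches the logs.
// It assumes the middlewareStack.add() shape of AWS SDK for JavaScript v3 clients.
const REDACT_HEADERS = new Set(["authorization", "x-amz-security-token"]);
// Form fields that carry the web identity token or session credentials.
const REDACT_FIELDS = /(WebIdentityToken|SessionToken|SecretAccessKey)=([^&]*)/g;

function redactRequest(request) {
  const headers = {};
  for (const [name, value] of Object.entries(request.headers || {})) {
    headers[name] = REDACT_HEADERS.has(name.toLowerCase()) ? "<redacted>" : value;
  }
  // Only string bodies are scrubbed; binary bodies are left as-is.
  const body = typeof request.body === "string"
    ? request.body.replace(REDACT_FIELDS, "$1=<redacted>")
    : request.body;
  return { ...request, headers, body };
}

// Returns a middleware in the shape expected by client.middlewareStack.add().
function loggingMiddleware(log = console.log) {
  return (next) => async (args) => {
    log("request", JSON.stringify(redactRequest(args.request)));
    try {
      const result = await next(args);
      log("response", JSON.stringify({
        status: result.response && result.response.statusCode,
        metadata: result.output && result.output.$metadata,
      }));
      return result;
    } catch (err) {
      // Failures are logged too, then re-thrown so the caller still sees them.
      log("error", JSON.stringify({ name: err.name, code: err.Code,
        status: err.$metadata && err.$metadata.httpStatusCode }));
      throw err;
    }
  };
}

// Registers the hook on any v3 client, e.g. attachRequestLogging(new SSMClient({})).
function attachRequestLogging(client, log) {
  client.middlewareStack.add(loggingMiddleware(log), {
    step: "finalizeRequest",
    name: "redactedRequestLogger",
  });
}
```

Note that the STS AssumeRoleWithWebIdentity call is made by the credential provider through its own STS client, so a hook on the SSM client's stack never sees that request and only fires if the SSM request itself reaches the chosen step.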

meenar-se commented 23 hours ago

Yes @RanVaknin, rolling back to 3.577.0 resolves the issue. It's working perfectly fine.

With the latest version 3.596.0 I have added the middleware hook and tried. It's not even printing the request and response logs.

I have tried the below options:

1) step as 'finalizeRequest' - logs are not getting printed
2) step as 'build' - logs are not getting printed

But with version 3.577.0, the middleware logs of the request and response are printed.