search

aws / aws-sdk-net

The official AWS SDK for .NET. For more information on the AWS SDK for .NET, see our web site:
http://aws.amazon.com/sdkfornet/
Apache License 2.0
2.05k stars 852 forks source link

AWSSDK.Core Could Not load from assembly GAC issues #3471

Open Chris-Pr opened 1 week ago

Chris-Pr commented 1 week ago

Describe the bug

Each year in Sept, we have issues with a powershell script that uploads logs to s3. aws.core is used. But we have to delete the library from the GAC and reinstall the module, before it works again.

error in powershell "Write-S3Object : Could not load type 'Amazon.Runtime.IDefaultConfiguration' from assembly 'AWSSDK.Core, Version=3.3.0.0, Culture=neutral""

A simple Get-S3Object -BucketName example-bucketname produces the error.

Fix: We have to delete the reg key HKEY_CURRENT_USER\Software\Microsoft\Installer\Assemblies\Global

then remove the library from GAC .\gacutil.exe -u AWSSDK.Core

then reinstall Install-Module -Name AWS.Tools.Installer -Force Install-AWSToolsModule AWS.Tools.EC2,AWS.Tools.S3 -CleanUp

then powershell can write to s3 again.

But it happens every year, and i saw a certificate error in powershell but did not capture it.

I did some light reading and it seems GAC and Signing assembly with strong name required a certificate and this may expire each year causing GAC issues.

Is this known? Are we doing something wrong?

Expected Behavior

Powershell should continue to function and write to s3

Current Behavior

fails every year on Sept 6 with Write-S3Object : Could not load type 'Amazon.Runtime.IDefaultConfiguration' from assembly 'AWSSDK.Core, Version=3.3.0.0, Culture=neutral

Reproduction Steps

Get-S3Object -BucketName example-bucketname

Possible Solution

No response

Additional Information/Context

No response

AWS .NET SDK and/or Package version used

Unknown

Targeted .NET Platform

unknown

Operating System and version

Windows Server 2019

dscpinheiro commented 1 week ago

We rotate the certificates once a year, and there's a known issue with PowerShell and certificate pinning (I know you didn't capture the error but I suspect it was similar to the ones described in https://github.com/aws/aws-tools-for-powershell/issues/232 and https://github.com/aws/aws-tools-for-powershell/issues/297).

Is there a specific reason you're putting the AWSSDK.Core.dll file in the GAC? It should already be included in the PowerShell modules install folder (that version will not be using a different certificate - but it's ignored as the GAC file takes precedence):

powershell_modules

Chris-Pr commented 1 week ago

All we are doing is calling Write-S3Object in our PS script. I wonder if the GAC install of aws.core is done by aws on its windows 2019 sql instance ami, I will spawn a new one and check.

normj commented 1 week ago

Having the SDK in the GAC will cause problems because the GAC version of the SDK will get used over what is installed with the PowerShell module. You will get version mismatch issues and method not found exceptions with the SDK in the GAC as the version in the GAC gets old compared to what is shipped with PowerShell modules.

EC2 amis do not put the SDK in the GAC but sometimes third party software incorrectly puts the AWS SDK into the GAC.

ashishdhingra commented 1 week ago

Also refer How the Runtime Locates Assemblies. GAC always take precedence over local assemblies and hence it is not a good idea to install AWSSDK assemblies in GAC since due to legacy reasons, the assembly version is fixed at 3.3.0.0. So it would always load assembly from GAC, if it is present.