Open Chris-Pr opened 1 week ago
We rotate the certificates once a year, and there's a known issue with PowerShell and certificate pinning (I know you didn't capture the error but I suspect it was similar to the ones described in https://github.com/aws/aws-tools-for-powershell/issues/232 and https://github.com/aws/aws-tools-for-powershell/issues/297).
Is there a specific reason you're putting the AWSSDK.Core.dll file in the GAC? It should already be included in the PowerShell modules install folder (that version will not be using a different certificate - but it's ignored as the GAC file takes precedence):
All we are doing is calling Write-S3Object in our PS script. I wonder if the GAC install of aws.core is done by AWS on its Windows 2019 SQL instance AMI. I will spawn a new one and check.
Having the SDK in the GAC will cause problems because the GAC version of the SDK will get used over what is installed with the PowerShell module. You will get version mismatch issues and method not found exceptions with the SDK in the GAC as the version in the GAC gets old compared to what is shipped with PowerShell modules.
EC2 AMIs do not put the SDK in the GAC, but sometimes third-party software incorrectly puts the AWS SDK into the GAC.
Also refer to How the Runtime Locates Assemblies. The GAC always takes precedence over local assemblies, and hence it is not a good idea to install AWSSDK assemblies in the GAC since, due to legacy reasons, the assembly version is fixed at 3.3.0.0. So it would always load the assembly from the GAC, if it is present.
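A read-only check for the situation described in the comments above, as an added example that is not part of the original thread or AWS's own tooling: it lists every AWSSDK.Core.dll found in the GAC and under the installed AWS PowerShell module folders so their file versions can be compared, and shows which copy the current session loaded. The GAC roots are the standard .NET Framework locations; the module name patterns and the Get-SdkCoreCopy helper are assumptions of this example.

```powershell
# Added example (not from the thread): compare GAC and module copies of AWSSDK.Core.dll.
# Read-only; it changes nothing on the machine. Intended for Windows PowerShell.

# Standard GAC roots for .NET Framework 4.x and for 2.0-3.5 assemblies.
$gacRoots = @(
    (Join-Path $env:windir 'Microsoft.NET\assembly'),
    (Join-Path $env:windir 'assembly')
) | Where-Object { Test-Path $_ }

# Hypothetical helper: find AWSSDK.Core.dll under the given roots and report its versions.
function Get-SdkCoreCopy {
    param([string[]]$Root, [string]$Source)
    foreach ($r in $Root) {
        Get-ChildItem -Path $r -Recurse -Filter 'AWSSDK.Core.dll' -ErrorAction SilentlyContinue |
            ForEach-Object {
                [pscustomobject]@{
                    Source          = $Source
                    # FileVersion differs between releases; AssemblyVersion stays 3.3.0.0.
                    FileVersion     = $_.VersionInfo.FileVersion
                    AssemblyVersion = [Reflection.AssemblyName]::GetAssemblyName($_.FullName).Version
                    Path            = $_.FullName
                }
            }
    }
}

# Assumption: the module copy sits under the ModuleBase of an AWS.Tools.* or AWSPowerShell* module.
$moduleRoots = Get-Module -ListAvailable -Name 'AWS.Tools.*', 'AWSPowerShell*' |
    Select-Object -ExpandProperty ModuleBase -Unique

$gacCopies    = @(Get-SdkCoreCopy -Root $gacRoots -Source 'GAC')
$moduleCopies = @(Get-SdkCoreCopy -Root $moduleRoots -Source 'Module')

$gacCopies + $moduleCopies | Sort-Object Source, FileVersion |
    Format-Table -AutoSize -Wrap | Out-Host

# Which copy this session loaded (empty until an AWS cmdlet has run in the session).
[AppDomain]::CurrentDomain.GetAssemblies() |
    Where-Object { $_.GetName().Name -eq 'AWSSDK.Core' } |
    Select-Object @{ n = 'LoadedFromGac'; e = { $_.GlobalAssemblyCache } }, Location |
    Format-List | Out-Host

if ($gacCopies.Count -gt 0) {
    Write-Warning 'AWSSDK.Core.dll is in the GAC; per the thread it is loaded instead of the module copy.'
}
```

A GAC row whose FileVersion is older than the module rows matches the mismatch the maintainers describe.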
Describe the bug
Each year in Sept, we have issues with a PowerShell script that uploads logs to S3. aws.core is used. But we have to delete the library from the GAC and reinstall the module before it works again.
Error in PowerShell: "Write-S3Object : Could not load type 'Amazon.Runtime.IDefaultConfiguration' from assembly 'AWSSDK.Core, Version=3.3.0.0, Culture=neutral"
A simple Get-S3Object -BucketName example-bucketname produces the error.
Fix: We have to delete the reg key HKEY_CURRENT_USER\Software\Microsoft\Installer\Assemblies\Global
then remove the library from the GAC:
    .\gacutil.exe -u AWSSDK.Core
then reinstall:
    Install-Module -Name AWS.Tools.Installer -Force
    Install-AWSToolsModule AWS.Tools.EC2,AWS.Tools.S3 -CleanUp
then PowerShell can write to S3 again.
But it happens every year, and I saw a certificate error in PowerShell but did not capture it.
I did some light reading and it seems the GAC and signing an assembly with a strong name require a certificate, and this may expire each year, causing GAC issues.
Is this known? Are we doing something wrong?
Expected Behavior
PowerShell should continue to function and write to S3
Current Behavior
Fails every year on Sept 6 with Write-S3Object : Could not load type 'Amazon.Runtime.IDefaultConfiguration' from assembly 'AWSSDK.Core, Version=3.3.0.0, Culture=neutral
Reproduction Steps
Get-S3Object -BucketName example-bucketname
Possible Solution
No response
Additional Information/Context
No response
AWS .NET SDK and/or Package version used
Unknown
Targeted .NET Platform
unknown
Operating System and version
Windows Server 2019