search

aws / aws-tools-for-powershell

The AWS Tools for PowerShell lets developers and administrators manage their AWS services from the PowerShell scripting environment.
Apache License 2.0
239 stars 79 forks source link

AWSHealth uses wrong endpoint then fails to parse response? #324

Closed shufgy closed 1 year ago

shufgy commented 1 year ago

Describe the bug

Using Get-HLTHEvent it tries to reach: health.eu-west-1.amazonaws.com:443 This doesn't exist.

I think it /might/ want health.aws.amazon.com but that didn't work. Get-HLTHEvent -EndPointURL https://health.aws.amazon.com -Filter_StartTime @{from="4/30/2023 6:30:00AM";to="8/31/2023 5:00:00PM"} Get-HLTHEvent: Error unmarshalling response back from AWS. HTTP Status Code: 200 OK

Expected Behavior

To be returned the health events for the account. They are global so per region doesn't make any sense here.

Current Behavior

Error messages like: Get-HLTHEvent -EndPointURL https://health.aws.amazonaws.com -Filter_StartTime @{from="4/30/2023 6:30:00AM";to="8/31/2023 5:00:00PM"} Get-HLTHEvent: No such host is known. (health.aws.amazonaws.com:443)

Random guess: Get-HLTHEvent -EndPointURL https://health.aws.amazon.com -Filter_StartTime @{from="4/30/2023 6:30:00AM";to="8/31/2023 5:00:00PM"} Get-HLTHEvent: Error unmarshalling response back from AWS. HTTP Status Code: 200 OK

Reproduction Steps

Get-HLTHEvent -Filter_StartTime @{from="4/30/2023 6:30:00AM";to="8/31/2023 5:00:00PM"} Get-HLTHEvent: No such host is known. (health.eu-west-1.amazonaws.com:443)

Random try: Get-HLTHEvent -EndPointURL https://health.aws.amazon.com -Filter_StartTime @{from="4/30/2023 6:30:00AM";to="8/31/2023 5:00:00PM"} Get-HLTHEvent: Error unmarshalling response back from AWS. HTTP Status Code: 200 OK

Possible Solution

No response

Additional Information/Context

No response

AWS Tools for PowerShell version used

Get-InstalledModule

Version Name Repository Description

4.1.343 AWS.Tools.AWSHealth C:\Users\shuggins\A… The AWSHealth module of AWS Tools for Po… 4.1.343 AWS.Tools.Common C:\Users\shuggins\A… The AWS Tools for PowerShell lets develo… 4.1.343 AWS.Tools.EC2 C:\Users\shuggins\A… The EC2 module of AWS Tools for PowerShe… 4.1.343 AWS.Tools.ECS C:\Users\shuggins\A… The ECS module of AWS Tools for PowerShe… 4.1.343 AWS.Tools.IdentityManagement C:\Users\shuggins\A… The IdentityManagement module of AWS Too… 1.0.2.4 AWS.Tools.Installer PSGallery The AWS.Tools.Installer module makes it … 4.1.343 AWS.Tools.S3 C:\Users\shuggins\A… The S3 module of AWS Tools for PowerShel… 4.1.343 AWS.Tools.SecurityToken C:\Users\shuggins\A… The SecurityToken module of AWS Tools fo… 4.1.343 AWS.Tools.SQS C:\Users\shuggins\A… The SQS module of AWS Tools for PowerShe…

PowerShell version used

$PSVersionTable

Name Value

PSVersion 7.3.2 PSEdition Core GitCommitId 7.3.2 OS Microsoft Windows 10.0.17763 Platform Win32NT PSCompatibleVersions {1.0, 2.0, 3.0, 4.0…} PSRemotingProtocolVersion 2.3 SerializationVersion 1.1.0.1 WSManStackVersion 3.0

Operating System and version

Windows 10

ashishdhingra commented 1 year ago

Hi @shufgy,

Good afternoon.

Thanks for reporting the issue. The page AWS Health endpoints and quotas specifies the supported endpoints for AWS Health service. Could you please try the following:

My assumption is that in your default profile chain, region eu-west-1 might have been configured which is leading to endpoint resolution to health.eu-west-1.amazonaws.com:443.

Thanks, Ashish

shufgy commented 1 year ago

Aha! Yes that works.

This doesn't: Get-HLTHEvent -EndPointURL https://global.health.amazonaws.com -Filter_StartTime @{from="4/30/2023 6:30:00AM";to="8/31/2023 5:00:00PM"} Get-HLTHEvent: Credential should be scoped to a valid region.

But this does: Get-HLTHEvent -Region us-east-1 -Filter_StartTime @{from="4/30/2023 6:30:00AM";to="8/31/2023 5:00:00PM"}

And returns events about things in other regions (given it's global) so that's me happy I think.

Probably the module should default to that?

Thanks for the very prompt response!

ashishdhingra commented 1 year ago

Aha! Yes that works.

This doesn't: Get-HLTHEvent -EndPointURL https://global.health.amazonaws.com -Filter_StartTime @{from="4/30/2023 6:30:00AM";to="8/31/2023 5:00:00PM"} Get-HLTHEvent: Credential should be scoped to a valid region.

But this does: Get-HLTHEvent -Region us-east-1 -Filter_StartTime @{from="4/30/2023 6:30:00AM";to="8/31/2023 5:00:00PM"}

And returns events about things in other regions (given it's global) so that's me happy I think.

Probably the module should default to that?

Thanks for the very prompt response!

@shufgy Good afternoon. I enabled the verbose logging for PowerShell using guidance at Response Logging in AWS Tools for Windows PowerShell. Here are the logs:

Amazon Information: 0 : Resolved DefaultConfigurationMode for RegionEndpoint [] to [Legacy].
Amazon Information: 0 : Starting a process with the following ProcessInfo: UseShellExecute - False RedirectStandardError - True, RedirectStandardOutput - True, CreateNoWindow - True
Amazon Information: 1 : Process started
Amazon Information: 0 : Process ends with exitcode - 0
Amazon Error: 0 : An exception of type HttpErrorResponseException was handled in ErrorHandler., Amazon.Runtime.Internal.HttpErrorResponseException: Exception of type 'Amazon.Runtime.Internal.HttpErrorResponseException' was thrown.
   at Amazon.Runtime.HttpWebRequestMessage.GetResponseAsync(CancellationToken cancellationToken)
   at Amazon.Runtime.Internal.HttpHandler`1.InvokeAsync[T](IExecutionContext executionContext)
   at Amazon.Runtime.Internal.Unmarshaller.InvokeAsync[T](IExecutionContext executionContext)
   at Amazon.Runtime.Internal.ErrorHandler.InvokeAsync[T](IExecutionContext executionContext)
Amazon Error: 1 : Received error response: [{"__type":"InvalidSignatureException","message":"Credential should be scoped to a valid region. "}], Amazon.AWSHealth.AmazonAWSHealthException: Credential should be scoped to a valid region. 
 ---> Amazon.Runtime.Internal.HttpErrorResponseException: Exception of type 'Amazon.Runtime.Internal.HttpErrorResponseException' was thrown.
   at Amazon.Runtime.HttpWebRequestMessage.GetResponseAsync(CancellationToken cancellationToken)
   at Amazon.Runtime.Internal.HttpHandler`1.InvokeAsync[T](IExecutionContext executionContext)
   at Amazon.Runtime.Internal.Unmarshaller.InvokeAsync[T](IExecutionContext executionContext)
   at Amazon.Runtime.Internal.ErrorHandler.InvokeAsync[T](IExecutionContext executionContext)
   --- End of inner exception stack trace ---
Amazon Error: 2 : AmazonAWSHealthException making request DescribeEventsRequest to https://global.health.amazonaws.com/. Attempt 1., Amazon.AWSHealth.AmazonAWSHealthException: Credential should be scoped to a valid region. 
 ---> Amazon.Runtime.Internal.HttpErrorResponseException: Exception of type 'Amazon.Runtime.Internal.HttpErrorResponseException' was thrown.
   at Amazon.Runtime.HttpWebRequestMessage.GetResponseAsync(CancellationToken cancellationToken)
   at Amazon.Runtime.Internal.HttpHandler`1.InvokeAsync[T](IExecutionContext executionContext)
   at Amazon.Runtime.Internal.Unmarshaller.InvokeAsync[T](IExecutionContext executionContext)
   at Amazon.Runtime.Internal.ErrorHandler.InvokeAsync[T](IExecutionContext executionContext)
   --- End of inner exception stack trace ---
   at Amazon.Runtime.Internal.HttpErrorResponseExceptionHandler.HandleExceptionStream(IRequestContext requestContext, IWebResponseData httpErrorResponse, HttpErrorResponseException exception, Stream responseStream)
   at Amazon.Runtime.Internal.HttpErrorResponseExceptionHandler.HandleExceptionAsync(IExecutionContext executionContext, HttpErrorResponseException exception)
   at Amazon.Runtime.Internal.ExceptionHandler`1.HandleAsync(IExecutionContext executionContext, Exception exception)
   at Amazon.Runtime.Internal.ErrorHandler.ProcessExceptionAsync(IExecutionContext executionContext, Exception exception)
   at Amazon.Runtime.Internal.ErrorHandler.InvokeAsync[T](IExecutionContext executionContext)
   at Amazon.Runtime.Internal.CallbackHandler.InvokeAsync[T](IExecutionContext executionContext)
   at Amazon.Runtime.Internal.Signer.InvokeAsync[T](IExecutionContext executionContext)
   at Amazon.Runtime.Internal.EndpointDiscoveryHandler.InvokeAsync[T](IExecutionContext executionContext)
   at Amazon.Runtime.Internal.EndpointDiscoveryHandler.InvokeAsync[T](IExecutionContext executionContext)
   at Amazon.Runtime.Internal.CredentialsRetriever.InvokeAsync[T](IExecutionContext executionContext)
   at Amazon.Runtime.Internal.RetryHandler.InvokeAsync[T](IExecutionContext executionContext)
Amazon Information: 3 : Request metrics: AsyncCall = True; CanonicalRequest = POST\n/\n\ncontent-type:application/x-amz-json-1.1\nhost:global.health.amazonaws.com\nuser-agent:AWSPowerShell.Common/4.1.343.0 .NET_Core/7.0.5 OS/Darwin_22.5.0_Darwin_Kernel_Version_22.5.0:_Mon_Apr_24_20:53:44_PDT_2023;_root:xnu-8796.121.2~5/RELEASE_ARM64_T8103 PowerShellCore/7.-1 ClientAsync\nx-amz-api-version:2016-08-04\nx-amz-content-sha256:8be55554be49163b63764c5b316e567c8c57ed1badc63e3d0f2f8c2f38729d7a\nx-amz-date:20230602T222806Z\nx-amz-security-token:IQoJb3JpZ2luX2VjEKf//////////wEaCXVzLWVhc3QtMSJIMEYCIQDqwg/THVLwf2qW1ryPUg2Pi+JnjoN54h0TkYAta/raZAIhANYz81YYaC6BjpO2w9BQm+A0ZdxVPB62uPuIJsIYtBYbKqYCCOD//////////wEQARoMMTM5NDgwNjAyOTgzIgwENbI6h9AaLKjUMMgq+gHNB4gmGdv+bhblrWKfmV50ukZ/gtK+czQsTm86a0dmfaRHkxmwDW1hSRxWGLNRGRe5iDcylWinh7V+j3UToOoyHrDAzS0rjhx/3uu5I/N60HBsIWAuwGOc5FEzXDdndEEWiCPwaDD8Co/gUfsXmRwg2JfLH7klrp7b8nN37GK8lsf6UyinOXGTMYvZeroaUZa2BZdxr18PtNjvL0MCr1rzP4vZCJkD4qZrtQj9h3DRUcmsPZovWuBnqa0Va4zkl0mJ0RegW5n7zxIy8bw3DVBFXTGwTENs9+rm/DIZNCK00u4FPtDfGd9+j0XUbjAZ0pObqcFwVlit9YCMMPbZ6aMGOpwBXoW2zWCwwuzB7vxUdKg3/i17xgj9E4/duWCAu0xrjlNkcz09r0c0w8RdlJrnH8AnvoSsn737E73lY4GzYDBXPGDqDZUWFEcvE72jsCcSR7LTtEpHugov2uoc3x1SrqT3bWjyXCM7uoTEpmo8781netGkmt+st1qZVTnvz8eBDGajZZMka3JdyRBkYts9DZaRkDPaoj2CZx5Mo6Hb\nx-amz-target:AWSHealth_20160804.DescribeEvents\n\ncontent-type;host;user-agent;x-amz-api-version;x-amz-content-sha256;x-amz-date;x-amz-security-token;x-amz-target\n8be55554be49163b63764c5b316e567c8c57ed1badc63e3d0f2f8c2f38729d7a; StringToSign = AWS4-HMAC-SHA256\n20230602T222806Z\n20230602/us-east-2/health/aws4_request\n9ea3e30aa8ebd7e262ef00326098f66fdfbd980ad600d6fa3742cb99b6220b58; ServiceName = Amazon.AWSHealth; ServiceEndpoint = https://global.health.amazonaws.com/; MethodName = DescribeEventsRequest; RequestSize = 63; Exception = Amazon.Runtime.Internal.HttpErrorResponseException: Exception of type 'Amazon.Runtime.Internal.HttpErrorResponseException' was thrown.\n   at Amazon.Runtime.HttpWebRequestMessage.GetResponseAsync(CancellationToken cancellationToken)\n   at Amazon.Runtime.Internal.HttpHandler`1.InvokeAsync[T](IExecutionContext executionContext)\n   at Amazon.Runtime.Internal.Unmarshaller.InvokeAsync[T](IExecutionContext executionContext)\n   at Amazon.Runtime.Internal.ErrorHandler.InvokeAsync[T](IExecutionContext executionContext); StatusCode = BadRequest; AWSRequestID = ab8effcb-b1a5-4c8a-9093-9c0a2bdbf4f1; AWSErrorCode = InvalidSignatureException; CredentialsRequestTime = 00:00:02.8349833; RequestSigningTime = 00:00:00.0003276; HttpRequestTime = 00:00:00.6093906; ClientExecuteTime = 00:00:03.4557838;

The error Credential should be scoped to a valid region. is returned by the service. So in your case, since it works for us-east-1 region (assuming that your AWS Health subscription is in us-east-1 region), the command Get-HLTHEvent -EndPointURL https://health.us-east-1.amazonaws.com -Filter_StartTime @{from="4/30/2023 6:30:00AM";to="8/31/2023 5:00:00PM"} should work. I would prefer the use of explicit region using -Region parameter rather than using -EndpointUrl.

Please confirm if this helps. I would then convert this into discussion so that it is easily discoverable by other users for guidance.

Thanks, Ashish

github-actions[bot] commented 1 year ago

This issue has not received a response in 5 days. If you want to keep this issue open, please just leave a comment below and auto-close will be canceled.