aws / graph-explorer

React-based web application that enables users to visualize both property graph and RDF data and explore connections between data without having to write graph queries.
https://github.com/aws/graph-explorer
Apache License 2.0
333 stars 48 forks source link

support for IMDS v2 only #652

Open xanhuang opened 3 weeks ago

xanhuang commented 3 weeks ago

Description

I run a set of userdata commands to spin up Graph Explorer in an EC2.
Auth is via IAM auth and EC2 have the necessary IAM role attached.

#!/bin/bash
cd /home/ec2-user
TOKEN=`curl -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 21600"` 
EC2_IP=$(curl -H "X-aws-ec2-metadata-token: $TOKEN" -v http://169.254.169.254/latest/meta-data/public-ipv4)
EC2_HOSTNAME="https://"$EC2_IP
echo $EC2_HOSTNAME
yum update -y
yum install git docker -y
git clone https://github.com/aws/graph-explorer/
systemctl start docker
docker buildx build graph-explorer -t "graph-explorer" 
docker run -p 80:80 -p 443:443 --env HOST=$EC2_HOSTNAME --env PUBLIC_OR_PROXY_ENDPOINT=$EC2_HOSTNAME --env GRAPH_TYPE=gremlin --env USING_PROXY_SERVER=true --env IAM=true --env AWS_REGION=us-east-1 --env GRAPH_CONNECTION_URL=https://[redacted].us-east-1.neptune.amazonaws.com:8182 --env PROXY_SERVER_HTTPS_CONNECTION=true --env GRAPH_EXP_FETCH_REQUEST_TIMEOUT=240000 graph-explorer

This setup has been working well for months but recently it started to fail with this error:

[01:57:58.914] ERROR (40): Could not load credentials from any providers
    err: {
      "type": "CredentialsProviderError",
      "message": "Could not load credentials from any providers",
      "stack":
          CredentialsProviderError: Could not load credentials from any providers
              at /graph-explorer/node_modules/.pnpm/@aws-sdk+credential-provider-node@3.669.0_@aws-sdk+client-sso-oidc@3.669.0_@aws-sdk+client-st_jgfgvmcemvjj3jgtiyicg7kanm/node_modules/@aws-sdk/credential-provider-node/dist-cjs/index.js:136:13
              at /graph-explorer/node_modules/.pnpm/@smithy+property-provider@3.1.7/node_modules/@smithy/property-provider/dist-cjs/index.js:97:33
              at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
              at async coalesceProvider (/graph-explorer/node_modules/.pnpm/@smithy+property-provider@3.1.7/node_modules/@smithy/property-provider/dist-cjs/index.js:124:18)
              at async /graph-explorer/node_modules/.pnpm/@smithy+property-provider@3.1.7/node_modules/@smithy/property-provider/dist-cjs/index.js:142:18
              at async getIAMHeaders (file:///graph-explorer/packages/graph-explorer-proxy-server/dist/node-server.js:21:19)
              at async retryFetch (file:///graph-explorer/packages/graph-explorer-proxy-server/dist/node-server.js:36:26)
              at async fetchData (file:///graph-explorer/packages/graph-explorer-proxy-server/dist/node-server.js:96:26)
      "name": "CredentialsProviderError",
      "tryNextLink": false
    }

Graph Explorer could not synchronise with Neptune Database as a result.

Environment

Expected Behavior

To use IAM auth from EC2 and connect to Neptune Database.


[!IMPORTANT] If you are interested in working on this issue or have submitted a pull request, please leave a comment.

[!TIP] Please use a 👍 reaction to provide a +1/vote.

This helps the community and maintainers prioritize this request.

xanhuang commented 3 weeks ago

Got it to work again if i update my EC2 Instance to run on imds v1 and v2. If only v2 is allowed, this will break.

Can this be fixed please?

kmcginnes commented 3 weeks ago

Related to