Exception - Error retrieving credentials from the instance profile metadata service.

catalyst / moodle-local_aws

A moodle plugin containing Amazon's SDK for PHP.

17 stars 30 forks source link

Exception - Error retrieving credentials from the instance profile metadata service. #27

Open cwarwicker opened 4 years ago

cwarwicker commented 4 years ago

Hi,

We've installed the latest version of libralamba and of local_aws onto a client's staging site, but when going to the libralamba config page, we get an error from local_aws:

Exception - Error retrieving credentials from the instance profile metadata service. (Client error: GET http://xxx.xxx.xxx.xxx/latest/meta-data/iam/security-credentials/ resulted in a 404 Not Found response: <?xml version="1.0" encoding="iso-8859-1"?>

Spoke briefly to P.Spicer in chat and he said the error was likely: "local_aws trying to look up which regions exist for AWS that do Lambda and failing because it doesn't respect Moodle's proxy settings"

Is this something we could get a fix for, please?

Thanks.

Conn

Catalyst EU

brendanheywood commented 4 years ago

This sounds like a bug in librelambda and should be logged there not here. Also that doesn't sound right because the moodle proxy was added in this issue:

https://github.com/catalyst/moodle-fileconverter_librelambda/issues/28

It almost sounds like the reverse, ie that url should not go through the proxy and is?

This might also be a duplicate of this issue: https://github.com/catalyst/moodle-fileconverter_librelambda/issues/27

brendanheywood commented 4 years ago

@cwarwicker I'll reopen this as its as good a place as any until we get to the proper root cause. Also I did a quick check and this IAM stuff definitely should not go through the moodle proxy, this is an internal call the AWS and that endpoint is not available from the internet. @Arantor can you share any more detail?

cwarwicker commented 4 years ago

We've just tried switching the useproxy setting in the database from 1 to 0 and that hasn't made any difference. The usesdkcreds setting is currently 0, is that worth switching as well? Or would that not make any difference?

brendanheywood commented 4 years ago

Just to help diagnose the issue it would be good to try all the permutations. I would only be expecting it to hit latest/meta-data/iam/security-credentials/ if usesdkcreds is = 0 and you should only have that set to use AIM if you have actually set it up.

cwarwicker commented 4 years ago

Hi,

So we tried all 4 combinations of the useproxy and usekdscreds settings: 00, 01, 10, 11 and they all resulted in the same error.

I spoke to the sys-admins and we are pretty confident the rset of the settings (api keys, buckets, et.c..) are correct, though they were unable to run the librelambda tests as they said there were errors in the documentation.