Closed sidpalas closed 1 week ago
Possible area of investigation:
any update on this issue? the same is also applicable to china (cn-north-1)
Any updates or workaround for this issue? @sidpalas your workaround does not seem to work for me.
I did find a workaround. Essentially I did what was mentioned above, but instead of putting the endpoint config in the default providerconfig I created a new one called "gov" and used that instead of default for any resources that needed it.
This provider repo does not have enough maintainers to address every issue. Since there has been no activity in the last 90 days it is now marked as stale
. It will be closed in 14 days if no further activity occurs. Leaving a comment starting with /fresh
will mark this issue as not stale.
This issue is being closed since there has been no activity for 14 days since marking it as stale
. If you still need help, feel free to comment or reopen the issue!
What happened?
I attempted to create IAM resources in
us-gov
but the resources were never created and resulted in the following STS error:I believe this has to do with the fact that IAM resources do not have a region field in their
forProvider
configuration and it ends up falling back to a hardcoded default ofus-east-1
I found this issue: https://github.com/crossplane-contrib/provider-aws/issues/596 and attempted to use the custom endpoint configuration for the
ProviderConfig
to specify a specific endpoint signing region with the following configuration but the STS error remained.Finally, I used a ControllerConfig to set
AWS_DEFAULT_REGION
in the AWS provider deployment at which point I was able to successfully provision the resources.I would have expected the custom endpoint to be sufficient, but I think the STS error was being thrown before the custom endpoint could be used.
How can we reproduce it?
Install the AWS provider
Create a
ProviderConfig
with AWS credentials for a user with permissions in nonaws
partition (e.g.aws-gov
)What environment did it happen in?