Closed ewbankkit closed 2 weeks ago
@ewbankkit this would be great. After a ton of troubleshooting it seems that the 5.65.0 provider uses the HTTP/2 gRPC protocol for services such as AWS IAM. The problem we have with this in our environment is that we use an egress filter on our AWS network firewall and we had to conclude that there is no way to filter destinations when HTTP/2 is used.
The current filtering is done on TLS.SNI and this filtering drops the gRPC packets. Once we update, we cannot filter anything usable as there are no details in the traffic to filter on. This seems to be because from 5.65.0 the server name is not set in the request sent to the service endpoint.
After a more thorough review of the terraform-provider-aws code I see that the internal API clients are using the same HTTP client as that used directly by the provider.
@marlonparmentier We continue to investigate the underlying issue.
Description
The AWS IAM and STS clients created in https://github.com/hashicorp/aws-sdk-go-base/blob/main/clients.go and used for role assumption and the like should use any custom HTTP client configured in the Config parameter.
Relates (?):
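An added Go example (standard library only; not aws-sdk-go-base code, and the egressTransport, serviceClient and Demo names plus the in-process allowlist are assumptions) showing the pattern the description asks for: one operator-configured http.Client shared by every service client, so an egress policy like the SNI filter discussed above also covers IAM/STS calls, and a client that builds its own transport shows up as a missing or denied entry:

```go
package main

import (
	"fmt"
	"net/http"
)

// egressTransport stands in for the operator-supplied HTTP client in the issue;
// assumption: the egress filter is modelled as a host allowlist that also records every outbound host.
type egressTransport struct {
	next    http.RoundTripper
	allowed map[string]bool
	seen    []string // hosts requested through this transport, in order
}

func (t *egressTransport) RoundTrip(r *http.Request) (*http.Response, error) {
	host := r.URL.Hostname()
	t.seen = append(t.seen, host)
	if !t.allowed[host] {
		return nil, fmt.Errorf("egress denied for host %q", host)
	}
	return t.next.RoundTrip(r)
}

// serviceClient is a minimal stand-in for an SDK service client (IAM, STS, ...):
// it receives the shared http.Client instead of constructing its own.
type serviceClient struct {
	endpoint   string
	httpClient *http.Client
}

func (c *serviceClient) call() error {
	resp, err := c.httpClient.Get(c.endpoint)
	if err != nil {
		return err
	}
	return resp.Body.Close()
}

// Demo hands one shared client to two service clients: allowedURL (a local test
// server) succeeds, a constructed non-allowlisted endpoint is denied, both are recorded.
func Demo(allowedURL string) (okErr, deniedErr error, seen []string) {
	tr := &egressTransport{next: http.DefaultTransport, allowed: map[string]bool{"127.0.0.1": true}}
	client := &http.Client{Transport: tr}
	sts := &serviceClient{endpoint: allowedURL, httpClient: client}
	rogue := &serviceClient{endpoint: "http://sts.blocked.invalid/", httpClient: client}
	okErr = sts.call()
	deniedErr = rogue.call()
	return okErr, deniedErr, tr.seen
}
```

The denied request never reaches DNS or the network because the shared transport rejects it before dialing, which is exactly the control that a service client with its own private HTTP client would bypass.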