mmmorris1975 / aws-runas

aws-runas rewritten in Go
MIT License

Support IMDSv2 #58

Closed tomberek closed 3 years ago

tomberek commented 3 years ago

Readme seems to indicate it is: The EC2 metadata credential service now supports the IMDSv2 token path, but the flow does not seem to work with some clients (e.g. https://github.com/peak/s5cmd), which just retry a bunch of times before going to a fallback. Is there a library bump needed in clients? In aws-runas?

https://github.com/mmmorris1975/aws-runas/blob/master/metadata/server.go#L352

mmmorris1975 commented 3 years ago

I am able to duplicate this. When working with the awscli (based on the Python AWS SDK), the v2 path works as expected. AWS is consistently inconsistent with their SDK behaviors across languages, so I'll dig a bit to see what the Go SDK (used by s5cmd) is doing which the Python one isn't.

mmmorris1975 commented 3 years ago

It appears that the Go SDK used by s5cmd is expecting an extra HTTP header in the IMDS token response which isn't required by the boto3 SDK. Got that fixed up, and the new release is ready. Let me know if this is working better for you.

Fixed by: d39259e9b2a0433ef4a9814f9bff408a0d51b470

Released in 3.0.1
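An added example, not taken from the thread, from aws-runas or from the referenced commit: a local IMDSv2 token endpoint tested against a strict client that rejects a token response lacking the TTL header. The thread does not name the header; `X-aws-ec2-metadata-token-ttl-seconds`, which IMDSv2 returns alongside a token, is assumed to be the one meant, and `tokenHandler`, `fetchToken` and the token value are hypothetical names constructed for illustration.

```go
package main

import (
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"strconv"
)

// Assumed header: IMDSv2 TTL, sent on the token PUT and returned with the token.
const ttlHeader = "X-aws-ec2-metadata-token-ttl-seconds"

// tokenHandler emulates PUT /latest/api/token; echoTTL=false omits the response header.
func tokenHandler(token string, echoTTL bool) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		ttl, err := strconv.Atoi(r.Header.Get(ttlHeader))
		if r.Method != http.MethodPut || err != nil || ttl < 1 || ttl > 21600 {
			http.Error(w, "bad token request", http.StatusBadRequest)
			return
		}
		if echoTTL {
			w.Header().Set(ttlHeader, strconv.Itoa(ttl))
		}
		io.WriteString(w, token)
	}
}

// fetchToken is a strict client: a reply without a parseable TTL header is an error.
func fetchToken(baseURL string, ttl int) (string, int, error) {
	req, _ := http.NewRequest(http.MethodPut, baseURL+"/latest/api/token", nil)
	req.Header.Set(ttlHeader, strconv.Itoa(ttl))
	resp, err := http.DefaultClient.Do(req)
	if err != nil {
		return "", 0, err
	}
	defer resp.Body.Close()
	body, _ := io.ReadAll(resp.Body)
	got, err := strconv.Atoi(resp.Header.Get(ttlHeader))
	if resp.StatusCode != http.StatusOK || err != nil {
		return "", 0, fmt.Errorf("status %d, TTL header %q", resp.StatusCode, resp.Header.Get(ttlHeader))
	}
	return string(body), got, nil
}

func main() {
	srv := httptest.NewServer(tokenHandler("constructed-token", true))
	defer srv.Close()
	fmt.Println(fetchToken(srv.URL, 300))
}
```

A lenient client that reads only the response body succeeds against both handler variants, which is why a check with a single SDK can miss the gap.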

tomberek commented 3 years ago

I think that works perfectly!