Assume role failing via WebIdentity

oxyno-zeta / s3-proxy

S3 Reverse Proxy with GET, PUT and DELETE methods and authentication (OpenID Connect and Basic Auth)

https://oxyno-zeta.github.io/s3-proxy/

Apache License 2.0

292 stars 33 forks source link

Assume role failing via WebIdentity #390

Closed SheverNts closed 10 months ago

SheverNts commented 10 months ago

Describe the bug Error when trying to access STS endpoint (sts.us-east-1.amazonaws.com), It is using http endpoint instead of https.

Error: Internal Server Error WebIdentityErr: failed to retrieve credentials caused by: RequestError: send request failed caused by: Post "http://sts.us-east-1.amazonaws.com/": read tcp 100.64.15.129:48714->67.220.245.46:80: read: connection reset by peer

Screenshots

Version and platform (please complete the following information):

Platform Linux
Arch amd64
Version 4.5

oxyno-zeta commented 10 months ago

Hello @SheverNts ,

Thanks for your ticket.

The project is using the official V1 SDK and nothing particular has been done to support STS. This is something the client is trying/detecting because you haven't set access key and secret key in the configuration I would say. Or because you put some environment variables.

I don't know how to help you with that.

Best regards,

Oxyno-zeta

SheverNts commented 10 months ago

@oxyno-zeta Issue resolved after setting disableSSL to false, Seems disableSSL disabling ssl for all aws endpoints

https://github.com/oxyno-zeta/s3-proxy/blob/82c13bd022583d9d0071535dbf9508de4f0503f9/pkg/s3-proxy/utils/generalutils/utils.go#L200

oxyno-zeta commented 10 months ago

Interesting to know, thanks. Is your problem fixed ?

SheverNts commented 10 months ago

@oxyno-zeta Problem fixed after enabling the ssl via disableSSL. Thanks