spring-attic / spring-cloud-aws

All development has moved to https://github.com/awspring/spring-cloud-aws. Integration for Amazon Web Services APIs with Spring.
https://awspring.io/
Apache License 2.0

Region auto detection with AWS secrets manager config fails with 2.2.3 #639

Closed MPoorter closed 4 years ago

MPoorter commented 4 years ago

Last working version:
Spring Boot: 2.3.2
Spring Cloud: Hoxton.SR6
Spring Cloud AWS: 2.2.2

Failing version:
Spring Boot: 2.3.2
Spring Cloud: Hoxton.SR7
Spring Cloud AWS: 2.2.3

We run an application that uses Spring Cloud Starter AWS Secrets Manager Config to pick up secrets from the AWS secrets at startup. (See dependencies below).

With Spring Cloud Hoxton.SR6 and Spring Cloud AWS 2.2.2, the application was able to start up and, during its bootstrap phase, was able to connect to the Secrets Manager from an instance hosted in the AWS environment, and by default it was able to pick up the region of that instance. Hence, when it looked for secrets, it was in the same region as the instance.

However, since Hoxton.SR7 and Spring Cloud AWS 2.2.3, it would seem that the region is no longer automatically detected, and the application started using the default region us-west-2 instead of the region of the instance. Thus it tries to access a resource like this arn:aws:secretsmanager:us-west-2:REDACTED:secret:/secret/…. This resource doesn't exist in us-west-2.

I know some work has been done around this lately, specifically this change. And by setting the static region in the bootstrap properties, we are able to find our secrets again. I would just like to understand if and why this change prevents any automatic region detection.

Thanks in advance for looking into this.

<dependency>
    <groupId>org.springframework.cloud</groupId>
    <artifactId>spring-cloud-aws-autoconfigure</artifactId>
</dependency>
<dependency>
    <groupId>org.springframework.cloud</groupId>
    <artifactId>spring-cloud-starter-aws-secrets-manager-config</artifactId>
</dependency>
<dependency>
    <groupId>org.springframework.cloud</groupId>
    <artifactId>spring-cloud-aws-messaging</artifactId>
    <exclusions>
        <exclusion>
            <groupId>commons-logging</groupId>
            <artifactId>commons-logging</artifactId>
        </exclusion>
    </exclusions>
</dependency>

eddumelendez commented 4 years ago

@MPoorter thanks for the report! Indeed, the default region was accidentally introduced here for parameter-store and secrets-manager. For now, the workaround would be to set the region, but next versions will fix it so the region will be automatically detected.