spring-cloud / spring-cloud-vault

Configuration Integration with HashiCorp Vault
http://cloud.spring.io/spring-cloud-vault/
Apache License 2.0

Cannot login using AWS-IAM #641

Closed mahmoudsakrZ closed 2 years ago

mahmoudsakrZ commented 2 years ago

Describe the bug

I'm trying to authenticate to Vault with AWS-IAM as per these docs https://cloud.spring.io/spring-cloud-vault/reference/html/#vault.config.authentication.awsiam

with the following configurations.

Sample application.yaml:

spring:
  config:
    import: vault:/kv/dev/config
    vault:
      authentication: AWS_IAM
      aws-iam:
        server-name: Replace-With-IAM-Server-Id
        role: myrole
        endpoint-uri: https://sts.us-east-1.amazonaws.com
      uri: ${VAULT_ADDR}

pom.xml:

<dependency>
    <groupId>org.springframework.cloud</groupId>
    <artifactId>spring-cloud-starter-vault-config</artifactId>
    <version>3.1.0</version>
</dependency>

<dependency>
    <groupId>com.amazonaws</groupId>
    <artifactId>aws-java-sdk-core</artifactId>
    <version>1.12.196</version>
</dependency>

I usually get this error:

[RequestedSecret [path='kv/dev/config', mode=ROTATE]] Lease [leaseId='null', leaseDuration=PT0S, renewable=false] Cannot login using AWS-IAM: entry for role myrole not found; nested exception is org.springframework.web.client.HttpClientErrorException$BadRequest: 400 Bad Request: "{"errors":["entry for role myrole not found"]}<EOL>"

I already have a role on AWS with this name, myrole.

What am I missing? Should I configure the AWS role in a specific way?!

mahmoudsakrZ commented 2 years ago

I was using an invalid role. Once I used the correct one, it worked fine :)
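The thread is resolved by picking the right role name, and the reason the name matters is visible once you look at what the `AWS_IAM` setting makes the client send. The following is an added, constructed Python sketch, not code from Spring Cloud Vault or from the reporter: it signs an `sts:GetCallerIdentity` request with SigV4 (the `server-name` value rides along as the signed `X-Vault-AWS-IAM-Server-ID` header), wraps it into the body that is POSTed to Vault's `auth/aws/login` endpoint (assuming the default `aws` mount path), and maps the exact error quoted in the issue back to the setting to check. The credentials, the fixed clock and the `explain_login_error` helper are assumptions made for the demo; the `role` field in that body names a role of Vault's aws auth method, which is why an IAM role name that Vault has never been told about yields "entry for role ... not found".

```python
"""Constructed demo of the AWS-IAM login exchange behind spring.cloud.vault.authentication=AWS_IAM."""
import base64
import datetime
import hashlib
import hmac
import json
from urllib.parse import urlparse

STS_BODY = "Action=GetCallerIdentity&Version=2011-06-15"  # the only body sts:GetCallerIdentity takes

# Constructed, non-functional credentials: this demo never contacts AWS or Vault.
DEMO_ACCESS_KEY = "AKIAEXAMPLEKEY000000"
DEMO_SECRET_KEY = "constructed-secret-key-not-real-0000000000"
DEMO_STS_ENDPOINT = "https://sts.us-east-1.amazonaws.com"  # same endpoint-uri as the issue


def _hmac(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()


def sigv4_key(secret_key: str, date_stamp: str, region: str, service: str = "sts") -> bytes:
    """AWS4-HMAC-SHA256 key derivation: date -> region -> service -> aws4_request."""
    k = _hmac(("AWS4" + secret_key).encode(), date_stamp)
    k = _hmac(k, region)
    k = _hmac(k, service)
    return _hmac(k, "aws4_request")


def sign_get_caller_identity(endpoint_uri, region, server_id, access_key, secret_key, now, session_token=None):
    """Return the signed headers of a POST sts:GetCallerIdentity request.

    server_id is what Spring exposes as aws-iam.server-name; it is sent as
    X-Vault-AWS-IAM-Server-ID and covered by the signature, so Vault can bind the
    signed request to one Vault server instead of accepting any replayed STS call.
    """
    host = urlparse(endpoint_uri).netloc
    amz_date = now.strftime("%Y%m%dT%H%M%SZ")
    date_stamp = now.strftime("%Y%m%d")
    headers = {
        "Host": host,
        "Content-Type": "application/x-www-form-urlencoded; charset=utf-8",
        "X-Amz-Date": amz_date,
    }
    if server_id:
        headers["X-Vault-AWS-IAM-Server-ID"] = server_id
    if session_token:
        headers["X-Amz-Security-Token"] = session_token
    names = sorted(headers, key=str.lower)  # SigV4 canonicalises headers by lowercase name
    canonical_headers = "".join(f"{n.lower()}:{headers[n].strip()}\n" for n in names)
    signed_headers = ";".join(n.lower() for n in names)
    canonical_request = "\n".join(["POST", "/", "", canonical_headers, signed_headers,
                                   hashlib.sha256(STS_BODY.encode()).hexdigest()])
    scope = f"{date_stamp}/{region}/sts/aws4_request"
    string_to_sign = "\n".join(["AWS4-HMAC-SHA256", amz_date, scope,
                                hashlib.sha256(canonical_request.encode()).hexdigest()])
    signature = hmac.new(sigv4_key(secret_key, date_stamp, region), string_to_sign.encode(),
                         hashlib.sha256).hexdigest()
    headers["Authorization"] = (f"AWS4-HMAC-SHA256 Credential={access_key}/{scope}, "
                                f"SignedHeaders={signed_headers}, Signature={signature}")
    return headers


def vault_login_payload(role: str, endpoint_uri: str, headers: dict) -> dict:
    """Body POSTed to {VAULT_ADDR}/v1/auth/aws/login ('aws' is the default mount path).

    `role` is a role of Vault's aws auth method (auth/aws/role/<name>), not the IAM role.
    Vault verifies the signature by forwarding the embedded request to STS itself.
    """
    b64 = lambda s: base64.b64encode(s.encode()).decode()
    return {
        "role": role,
        "iam_http_request_method": "POST",
        "iam_request_url": b64(endpoint_uri.rstrip("/") + "/"),
        "iam_request_headers": b64(json.dumps({k: [v] for k, v in headers.items()})),
        "iam_request_body": b64(STS_BODY),
    }


def decoded(payload: dict, field: str):
    """Undo the base64 (and, for the headers, JSON) encoding of one payload field."""
    raw = base64.b64decode(payload[field]).decode()
    return json.loads(raw) if field == "iam_request_headers" else raw


def explain_login_error(status: int, body: str) -> str:
    """Hypothetical helper: map Vault's login error body to the setting to check."""
    try:
        errors = json.loads(body).get("errors", [])
    except ValueError:
        return f"HTTP {status}: unparseable error body"
    for e in errors:
        if e.startswith("entry for role ") and e.endswith(" not found"):
            role = e[len("entry for role "):-len(" not found")]
            return (f"Vault has no aws auth role named '{role}': aws-iam.role must match a role "
                    "created under auth/aws/role/, not the name of the IAM role itself")
    return f"HTTP {status}: {'; '.join(errors) or 'no error detail'}"


def demo_login(role="myrole", server_id="Replace-With-IAM-Server-Id"):
    """Build the full login payload for the issue's settings at a fixed (constructed) clock."""
    fixed = datetime.datetime(2022, 3, 1, 12, 0, 0)
    headers = sign_get_caller_identity(DEMO_STS_ENDPOINT, "us-east-1", server_id,
                                       DEMO_ACCESS_KEY, DEMO_SECRET_KEY, fixed)
    return vault_login_payload(role, DEMO_STS_ENDPOINT, headers)


if __name__ == "__main__":
    print(json.dumps(demo_login(), indent=2))
    print(explain_login_error(400, '{"errors":["entry for role myrole not found"]}'))
```

Running it prints the payload Vault would receive and, for the 400 body quoted in the issue, points at the aws auth role rather than at AWS. Two things worth noticing in the output: changing `server-name` changes the signature, so a mismatch with the server ID configured on Vault's aws auth method fails the login even with valid AWS credentials, and nothing in the payload is secret apart from its short validity window, which is why the signed request can be handed to Vault at all.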