Closed phr3nzii closed 3 years ago
Realised that I didn't say which browser I'm using 🤦 I'm using Brave Version 1.14.84 Chromium: 85.0.4183.121 (Official Build) (64-bit), however, I see the same behaviour in Chrome Version 85.0.4183.121 (Official Build) (64-bit)
This issue occurs when viewing some AWS global services (ex: S3, IAM, CloudFront).
I'm still getting the 400 error while switching roles from the CodeArtifact service (region eu-central-1).
I'm on Firefox 81.0.1
Hello @th3noname , @tilfin, @phr3nzii : I discovered that one reason (certainly one out of many) for the 404 can be caused by the length of the "DisplayName" parameter for the account (in the switchrole HTTP call).
In my case, I had not checked the "Hide Account Id" checkbox. Thus, the DisplayName is constructed by the concatenation of the name of the profile + " | " + account_id (the later part adds 17 characters to the display name).
My profile names are "quite long".
If the whole string length is > 64 characters, then I always have a 404 page.
As soon as I reduce the size of the profile name, so that the whole DisplayName is <= 64 characters, the 404 page disappears. (Of course another solution is to check the "Hide Account Id" checkbox)
(And when using aws web console, there is a forced truncation by the interface so that DisplayName is not > 64 chars)
Could it be that you are also impacted by this ?
The display names I have are < 64 characters. 2.0.5 resolved this issue for me, I haven't had any 400 or 404 errors since
I get 400 when the redirect_uri
parameter is complicated, such as the CodePipeline
"Pipelines" page which has URIs like https://ap-southeast-2.console.aws.amazon.com/codesuite/codepipeline/pipelines?region=ap-southeast-2&pipelines-meta=<long URI-encoded JSON>
. When that happens, navigating to a page with a simpler URI (like the CodePipeline
"Getting started" page) allows me to switch the role.
It's not clear whether it's the encoded JSON {
/"
/}
characters that's causing the issue or the URI length, but it seems possible to switch roles using the AWS console's builtin role history on those pages.
Hi,
Firstly, thank you for such a great extension and for fixing the issues with the new AWS UI so quickly!
Perhaps this should be raised as two separate issues but they are very similar so I think they're related. I've noticed that sometimes when switching role I get a 400 Bad Request or a 404 Not Found.
This was happening before the recent switch to v2, I've only just looked further into why it was happening.
400 Example
In this example, I am on the S3 console page (https://s3.console.aws.amazon.com/s3/home?region=us-east-1) and I am switching to a role that has the region set to
eu-central-1
.I compared a broken and working request to https://signin.aws.amazon.com/switchrole and noticed that in the form data on the broken request the
redirect_uri
was differentBroken:
https%3A%2F%2Feu-central-1.s3.console.aws.amazon.com%2Fs3%2Fhome%3Fregion%3Deu-central-1
Working:https%3A%2F%2Fs3.console.aws.amazon.com%2Fs3%2Fhome%3Fregion%3Dus-east-1%23
The region hasn't changed as the normal AWS console doesn't take the region switching into account, however I tested using curl with changed the
request_uri
and I got a working 302 responseWorking with Region change:
https%253A%252F%252Fs3.console.aws.amazon.com%252Fs3%252Fhome%253Fregion%253Deu-central-1
404 Example
In this example, I am on the IAM Roles page (https://console.aws.amazon.com/iam/home?region=eu-central-1#/roles) using the role that has the region set to
eu-central-1
and I am switching to the role that has the region set tous-east-1
. This results in a 404 on https://aws.amazon.com/iam/home/?region=us-east-1#/rolesIn this scenario the /switchrole endpoint returns a 302, which sends me to https://aws.amazon.com/iam/home?region=us-east-1 which returns a 301 which then sends me on to the 404 URI above.
Again, comparing the broken and working requests to the
/switchrole
endpoint theredirect_uri
was differentBroken:
https%3A%2F%2Faws.amazon.com%2Fiam%2Fhome%3Fregion%3Dus-east-1%23%2Froles
Working:https%3A%2F%2Fconsole.aws.amazon.com%2Fiam%2Fhome%3Fregion%3Dus-east-1%23
Testing again with curl but adjusting the request_uri to add the region change I got a 200 response after following the redirects as above.
Working with Region change:
https%3A%2F%2Fconsole.aws.amazon.com%2Fiam%2Fhome%3Fregion%3Dus-east-1%2523%252Froles
Unfortunately, I wouldn't know where to start with fixing this change myself 😞 But hopefully the above gives you enough information. However, if you need more information or have any questions let me know 👍
Thanks again!