diff --git a/modules/repository-s3/src/main/java/org/elasticsearch/repositories/s3/S3RepositoryPlugin.java b/modules/repository-s3/src/main/java/org/elasticsearch/repositories/s3/S3RepositoryPlugin.java index 97c065e771ffd..4042d414048d9 100644 --- a/modules/repository-s3/src/main/java/org/elasticsearch/repositories/s3/S3RepositoryPlugin.java +++ b/modules/repository-s3/src/main/java/org/elasticsearch/repositories/s3/S3RepositoryPlugin.java @@ -8,6 +8,7 @@ package org.elasticsearch.repositories.s3; +import com.amazonaws.regions.RegionUtils; import com.amazonaws.util.json.Jackson; import org.apache.lucene.util.SetOnce; @@ -49,6 +50,8 @@ public class S3RepositoryPlugin extends Plugin implements RepositoryPlugin, Relo // ClientConfiguration clinit has some classloader problems // TODO: fix that Class.forName("com.amazonaws.ClientConfiguration"); + // Pre-load region metadata to avoid looking them up dynamically without privileges enabled + RegionUtils.initialize(); } catch (final ClassNotFoundException e) { throw new RuntimeException(e); } diff --git a/modules/repository-s3/src/main/java/org/elasticsearch/repositories/s3/S3Service.java b/modules/repository-s3/src/main/java/org/elasticsearch/repositories/s3/S3Service.java index 25bba12db6952..e33bfbff141b2 100644 --- a/modules/repository-s3/src/main/java/org/elasticsearch/repositories/s3/S3Service.java +++ b/modules/repository-s3/src/main/java/org/elasticsearch/repositories/s3/S3Service.java @@ -370,7 +370,7 @@ static class CustomWebIdentityTokenCredentialsProvider implements AWSCredentials // https://github.com/aws/amazon-eks-pod-identity-webhook/pull/41 stsRegion = systemEnvironment.getEnv(SDKGlobalConfiguration.AWS_REGION_ENV_VAR); if (stsRegion != null) { - stsClientBuilder.withRegion(stsRegion); + SocketAccess.doPrivilegedVoid(() -> stsClientBuilder.withRegion(stsRegion)); } else { LOGGER.warn("Unable to use regional STS endpoints because the AWS_REGION environment variable is not set"); }