You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When running the local auditor against a publicly visible S3 bucket, we can run into failures due to credentials not existing despite the fact that they are not needed:
dillon@dillon-mbp ~/o/akd> cargo run -p akd_local_auditor -- s3 --bucket kt-audit-proofs-integration --region us-east-2 main
warning: profiles for the non root package will be ignored, specify profiles at the workspace root:
package: /Users/dillon/oss/akd/akd_core/Cargo.toml
workspace: /Users/dillon/oss/akd/Cargo.toml
warning: profiles for the non root package will be ignored, specify profiles at the workspace root:
package: /Users/dillon/oss/akd/akd_client/Cargo.toml
workspace: /Users/dillon/oss/akd/Cargo.toml
Finished dev [unoptimized + debuginfo] target(s) in 5.61s
Running `target/debug/akd_local_auditor s3 --bucket kt-audit-proofs-integration --region us-east-2`
$ audit --epoch 1
[00:00:03.982] INFO load_region; provider=Region("us-east-2") (region:43)
[00:00:04.169] INFO send_operation; (parse_response:95)
[00:00:04.169] INFO send_operation; operation="ListObjectsV2" (parse_response:95)
[00:00:04.169] INFO send_operation; service="s3" (parse_response:95)
[00:00:04.169] INFO provide_credentials; provider=default_chain (credentials:73)
[00:00:04.170] INFO send_operation; (parse_response:95)
[00:00:04.170] INFO send_operation; operation="get" (parse_response:95)
[00:00:04.170] INFO send_operation; service="imds" (parse_response:95)
[00:00:04.170] INFO send_operation; (parse_response:95)
[00:00:04.170] INFO send_operation; operation="get-token" (parse_response:95)
[00:00:04.170] INFO send_operation; service="imds" (parse_response:95)
[00:00:05.174] INFO send_operation; status="dispatch_failure" (parse_response:95)
[00:00:05.174] INFO send_operation; message=timeout: error trying to connect: HTTP connect timeout occurred after 1s (parse_response:95)
[00:00:05.174] INFO send_operation; status="construction_failure" (parse_response:95)
[00:00:05.174] INFO send_operation; message=Failed to load session token: timeout: error trying to connect: HTTP connect timeout occurred after 1s (parse_response:95)
[00:00:05.174] INFO provider returned CredentialsNotLoaded, ignoring (auth:53)
[00:00:05.175] INFO send_operation; status="construction_failure" (parse_response:95)
[00:00:05.175] INFO send_operation; message=No credentials in the property bag (parse_response:95)
Error: Error executing list_objects_v2 in S3: failed to construct request: No credentials in the property bag
Goal
Without any AWS credentials, a request to audit information stored in S3 may fail. In order to make anonymous requests to AWS, we should evaluate a means of sending an "anonymous" request to S3 to read its data.
Bug
When running the local auditor against a publicly visible S3 bucket, we can run into failures due to credentials not existing despite the fact that they are not needed:
Goal
Without any AWS credentials, a request to audit information stored in S3 may fail. In order to make anonymous requests to AWS, we should evaluate a means of sending an "anonymous" request to S3 to read its data.
For reference, please see awslabs/aws-sdk-rust#425.
The text was updated successfully, but these errors were encountered: