diff --git a/nodeup/pkg/model/bootstrap_client.go b/nodeup/pkg/model/bootstrap_client.go
index 9764e50e928ec..f3daf2bd4660d 100644
--- a/nodeup/pkg/model/bootstrap_client.go
+++ b/nodeup/pkg/model/bootstrap_client.go
@@ -39,7 +39,11 @@ func (b BootstrapClientBuilder) Build(c *fi.ModelBuilderContext) error {
 var err error
 switch kops.CloudProviderID(b.Cluster.Spec.CloudProvider) {
 case kops.CloudProviderAWS:
- authenticator, err = awsup.NewAWSAuthenticator()
+ region, regionErr := awsup.FindRegion(b.Cluster)
+ if regionErr != nil {
+ return fmt.Errorf("querying AWS region: %v", regionErr)
+ }
+ authenticator, err = awsup.NewAWSAuthenticator(region)
 default:
 return fmt.Errorf("unsupported cloud provider %s", b.Cluster.Spec.CloudProvider)
 }
diff --git a/upup/pkg/fi/cloudup/awsup/BUILD.bazel b/upup/pkg/fi/cloudup/awsup/BUILD.bazel
index 193241329503a..4d3dca315b77b 100644
--- a/upup/pkg/fi/cloudup/awsup/BUILD.bazel
+++ b/upup/pkg/fi/cloudup/awsup/BUILD.bazel
@@ -30,7 +30,6 @@ go_library(
 "//vendor/github.com/aws/aws-sdk-go/aws:go_default_library",
 "//vendor/github.com/aws/aws-sdk-go/aws/awserr:go_default_library",
 "//vendor/github.com/aws/aws-sdk-go/aws/client:go_default_library",
- "//vendor/github.com/aws/aws-sdk-go/aws/ec2metadata:go_default_library",
 "//vendor/github.com/aws/aws-sdk-go/aws/endpoints:go_default_library",
 "//vendor/github.com/aws/aws-sdk-go/aws/request:go_default_library",
 "//vendor/github.com/aws/aws-sdk-go/aws/session:go_default_library",
diff --git a/upup/pkg/fi/cloudup/awsup/aws_authenticator.go b/upup/pkg/fi/cloudup/awsup/aws_authenticator.go
index ff304a5005911..9a471331d5765 100644
--- a/upup/pkg/fi/cloudup/awsup/aws_authenticator.go
+++ b/upup/pkg/fi/cloudup/awsup/aws_authenticator.go
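Review bot: In `BootstrapClientBuilder.Build` (nodeup/pkg/model/bootstrap_client.go), the new error path formats `regionErr` with `%v`, which flattens it to text so callers cannot inspect the cause with `errors.Is` or `errors.As`. If the module's Go version allows it, prefer `return fmt.Errorf("querying AWS region: %w", regionErr)`. The rest of `Build` lies outside the hunk, so whether its other error returns already wrap their cause is not visible here.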
@@ -35,8 +35,8 @@ type awsAuthenticator struct {
 var _ fi.Authenticator = &awsAuthenticator{}
-func NewAWSAuthenticator() (fi.Authenticator, error) {
- config := aws.NewConfig().WithCredentialsChainVerboseErrors(true)
+func NewAWSAuthenticator(region string) (fi.Authenticator, error) {
+ config := aws.NewConfig().WithCredentialsChainVerboseErrors(true).WithRegion(region)
 sess, err := session.NewSession(config)
 if err != nil {
 return nil, err
diff --git a/upup/pkg/fi/cloudup/awsup/aws_verifier.go b/upup/pkg/fi/cloudup/awsup/aws_verifier.go
index e9bd9552dc64d..cf4e14e884294 100644
--- a/upup/pkg/fi/cloudup/awsup/aws_verifier.go
+++ b/upup/pkg/fi/cloudup/awsup/aws_verifier.go
@@ -32,7 +32,6 @@ import (
 "time"
 "github.com/aws/aws-sdk-go/aws"
- "github.com/aws/aws-sdk-go/aws/ec2metadata"
 "github.com/aws/aws-sdk-go/aws/session"
 "github.com/aws/aws-sdk-go/service/ec2"
 "github.com/aws/aws-sdk-go/service/sts"
@@ -42,6 +41,8 @@ import (
 type AWSVerifierOptions struct {
 // NodesRoles are the IAM roles that worker nodes are permitted to have.
 NodesRoles []string `json:"nodesRoles"`
+ // Region is the AWS region of the cluster.
+ Region string
 }
 type awsVerifier struct {
@@ -57,7 +58,7 @@ type awsVerifier struct {
 var _ fi.Verifier = &awsVerifier{}
 func NewAWSVerifier(opt *AWSVerifierOptions) (fi.Verifier, error) {
- config := aws.NewConfig().WithCredentialsChainVerboseErrors(true)
+ config := aws.NewConfig().WithCredentialsChainVerboseErrors(true).WithRegion(opt.Region)
 sess, err := session.NewSession(config)
 if err != nil {
 return nil, err
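Review bot: `NewAWSAuthenticator` in aws_authenticator.go now takes `region` but hands it to `WithRegion` unchecked, and the exported function still has no doc comment saying what the region is used for. An empty string would not fail at this point; as far as I know the SDK then falls back to a region from the environment or fails later with a missing-region error, which is hard to trace back to node bootstrap. Consider rejecting it up front with `if region == "" { return nil, fmt.Errorf("AWS region is required") }` and adding a comment such as `// NewAWSAuthenticator returns an authenticator whose AWS session is pinned to region.`. The same applies to `opt.Region` in the `NewAWSVerifier` hunk of aws_verifier.go, where the metadata-service lookup is removed and a controller config written without a `Region` value would reach `WithRegion` empty.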
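Review bot: The new `Region` field in `AWSVerifierOptions` (aws_verifier.go) has no JSON tag, while `NodesRoles` next to it is tagged `json:"nodesRoles"`. If this struct is serialized into the kops-controller configuration, which the `KopsControllerConfig` hunk in template_functions.go suggests, the key would be emitted as `Region` rather than in the lower-camel form of its sibling. Adding the tag `json:"region"` to the field keeps the config schema consistent before it has to be preserved for compatibility.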
@@ -71,13 +72,7 @@ func NewAWSVerifier(opt *AWSVerifierOptions) (fi.Verifier, error) {
 partition := strings.Split(aws.StringValue(identity.Arn), ":")[1]
- metadata := ec2metadata.New(sess, config)
- region, err := metadata.Region()
- if err != nil {
- return nil, fmt.Errorf("error querying ec2 metadata service (for region): %v", err)
- }
-
- ec2Client := ec2.New(sess, config.WithRegion(region))
+ ec2Client := ec2.New(sess, config)
 return &awsVerifier{
 accountId: aws.StringValue(identity.Account),
diff --git a/upup/pkg/fi/cloudup/template_functions.go b/upup/pkg/fi/cloudup/template_functions.go
index 6fe7cc9750377..9e58697bd6247 100644
--- a/upup/pkg/fi/cloudup/template_functions.go
+++ b/upup/pkg/fi/cloudup/template_functions.go
@@ -405,6 +405,7 @@ func (tf *TemplateFunctions) KopsControllerConfig() (string, error) {
 }
 config.Server.Provider.AWS = &awsup.AWSVerifierOptions{
 NodesRoles: nodesRoles.List(),
+ Region: tf.Region,
 }
 default:
 return "", fmt.Errorf("unsupported cloud provider %s", cluster.Spec.CloudProvider)
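Review bot: In the `NewAWSVerifier` hunk of aws_verifier.go, `ec2.New(sess, config)` passes `config` a second time although the session appears to be created from that same `config` earlier in the function (outside this hunk), so the extra argument adds nothing now that no region override is applied. `ec2Client := ec2.New(sess)` says the same thing more directly. A short comment such as `// Region comes from opt.Region; the EC2 metadata service is no longer consulted.` would also tell readers why the lookup disappeared.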