This repository has been archived by the owner. It is now read-only.

fix signing with Temporary Security Credentials #238

Merged
merged 1 commit into from Mar 17, 2015

Conversation

Projects
None yet
2 participants
@MrGossett
Copy link
Contributor

MrGossett commented Mar 4, 2015

When using Route 53, things were working perfectly when aws.GetAuth was passed credentials directly, or when it fell back to aws.SharedAuth or aws.EnvAuth. However, when I switched my app to using Temporary Security Credentials, aws.GetAuth would fall through to aws.getInstanceCredentials to get credentials for the instance's role. I kept getting the following error (whitespace added for readability):

Request failed, got status code: 403. Response:
<?xml version="1.0" ?>
<ErrorResponse xmlns="https://route53.amazonaws.com/doc/2013-04-01/">
    <Error>
        <Type>Sender</Type>
        <Code>InvalidClientTokenId</Code>
        <Message>The security token included in the request is invalid</Message>
    </Error>
    <RequestId>49ea8b24-c929-11e4-bdf8-2bd74b0c762c</RequestId>
</ErrorResponse>

It turns out that the requests were missing a header. Here's the relevant snippet from the docs:

If you are signing your request using temporary security credentials, you must include the corresponding security token in your request by adding the x-amz-security-token header.

So, if the aws.Auth struct has a non-nil Token, it should be added in a X-Amz-Security-Token header. With this change, I was able to use Temporary Security Credentials just fine.

@MrGossett

This comment has been minimized.

Copy link
Contributor

MrGossett commented Mar 17, 2015

@mitchellh @armon is there anything else you're looking for here before accepting this PR?

armon added a commit that referenced this pull request Mar 17, 2015

Merge pull request #238 from MrGossett/instance-creds-fix
fix signing with Temporary Security Credentials

@armon armon merged commit caaaea8 into mitchellh:master Mar 17, 2015

@armon

This comment has been minimized.

Copy link
Collaborator

armon commented Mar 17, 2015

Sorry, sometimes things fly under our radar

@MrGossett MrGossett deleted the MrGossett:instance-creds-fix branch Mar 17, 2015

@MrGossett

This comment has been minimized.

Copy link
Contributor

MrGossett commented Mar 17, 2015

No worries, @armon.

I'd be happy to help manage the PRs for this repo, if you could use a few extra hands...

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.