[🐛 BUG]: SQS plugin not working without static credentials when using IMDSv2

[paulermo]

No duplicates 🥲.

• I have searched for a similar issue in our bug tracker and didn't find any solutions.

What happened?

A bug happened!

While connecting to SQS the plugin needs to retrieve the credentials from AWS (or we have to provide static creds). But prior to this RR tries to check if it is "inside of AWS" or not.

This is done using call to well-known url: awsMetaDataURL string = "http://169.254.169.254/latest/dynamic/instance-identity/" But if we use IMDSv2 then token is required for this operation. And GET request to this url will return 200 in case of IMDSv2 while 401 in case of IMDSv2.

As a result - isInAws == false, and we need static creds to access SQS.

Version (rr --version)

rr version 2.10.7 (build time: 2022-08-05T15:44:08+0000, gol. 18.5), OS: linux, arch: amd64

Relevant log output

handle_serve_command: Serve error:
endure_start:
endure_serve_internal: Function call error:
endure_call_serve_fn: got initial serve error from the Vertex jobs. Plugin, stopping execution, error: jobs_plugin_serve:
new_sqs_consumers operation error SQS: GetQueueUrl, failed to sign request: failed to retrieve credentials: failed to refresh cached credentials, static credentials are empty

[rustatian]

Hey @paulermo 👋🏻
Thanks for the report. Planned for the v2.11.1.

[rustatian]

@paulermo Hey 👋🏻
Could you please confirm (I don't have an EC2 with IMDSv2 atm) that the request to the http://169.254.169.254/latest/api/token returns a 200 status code?