You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I have searched for a similar issue in our bug tracker and didn't find any solutions.
What happened?
A bug happened!
While connecting to SQS the plugin needs to retrieve the credentials from AWS (or we have to provide static creds). But prior to this RR tries to check if it is "inside of AWS" or not.
This is done using call to well-known url: awsMetaDataURL string = "http://169.254.169.254/latest/dynamic/instance-identity/" But if we use IMDSv2 then token is required for this operation. And GET request to this url will return 200 in case of IMDSv2 while 401 in case of IMDSv2.
As a result - isInAws == false, and we need static creds to access SQS.
@paulermo Hey 👋🏻
Could you please confirm (I don't have an EC2 with IMDSv2 atm) that the request to the http://169.254.169.254/latest/api/token returns a 200 status code?
No duplicates 🥲.
What happened?
A bug happened!
While connecting to SQS the plugin needs to retrieve the credentials from AWS (or we have to provide static creds). But prior to this RR tries to check if it is "inside of AWS" or not.
This is done using call to well-known url:
awsMetaDataURL string = "http://169.254.169.254/latest/dynamic/instance-identity/"
But if we use IMDSv2 then token is required for this operation. And GET request to this url will return 200 in case of IMDSv2 while 401 in case of IMDSv2.As a result -
isInAws == false
, and we need static creds to access SQS.Version (rr --version)
rr version 2.10.7 (build time: 2022-08-05T15:44:08+0000, gol. 18.5), OS: linux, arch: amd64
Relevant log output
The text was updated successfully, but these errors were encountered: