Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Validate security credentials obtained from Instance Metadata Service #3203

Open
wants to merge 1 commit into
base: main-staging
Choose a base branch
from
Open

Validate security credentials obtained from Instance Metadata Service #3203

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Validate security credentials obtained from Instance Metadata Service 
Getting security credentials from Instance Metadata Service fails
when an EC2 instance does not have permissions to assume a role.
When that happens, we get a very unhelpful error message
"Value cannot be null. (Parameter 'awsAccessKeyId')"
Do response validation so that we get better exception message.

See also aws/aws-cli#2060
  • Loading branch information
Olli Pottonen committed Feb 28, 2024
commit 143f2964762e8a6cabd5d3fa82f90bb568d66df2
5 changes: 4 additions & 1 deletion sdk/src/Core/Amazon.Runtime/Credentials/URIBasedRefreshingCredentialHelper.cs
View file
Original file line number Diff line number Diff line change
@@ -85,9 +85,12 @@ protected static T GetObjectFromResponse<T, TC>(Uri uri, IWebProxy proxy, Dictio
Amazon.Util.Internal.JsonSerializerContext,
#endif
new()
where T : SecurityBase
{
string json = GetContents(uri, proxy, headers);
return JsonSerializerHelper.Deserialize<T>(json, new TC());
var result = JsonSerializerHelper.Deserialize<T>(json, new TC());
ValidateResponse(result);
return result;
}

protected static void ValidateResponse(SecurityBase response)