You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The S3 CRT client does not use the IAM role attached to the service account in Kubernetes. I'm building the client with default credentials provider chain. Instead, it tries to use the role of the EKS/Kubernetes node. I do have the STS module on the the classpath. Other SDK clients are correctly use the IAM role. Even the Netty-based async client works with the role.
Expected Behavior
The CRT based client use the default credentials provider chain correctly, and use the IAM role for the container.
Current Behavior
It tries to use the role of the Kubernetes node. I see authentication error where it points to the node role not having the correct IAM actions. Those actions only exists on the container IAM role.
Reproduction Steps
Create a standard CRT client
Deploy to a container, and attach IAM role to the service account for the container.
Make a request to upload/download with the CRT client.
Possible Solution
It should use the IAM role for the container.
Additional Information/Context
No response
AWS Java SDK version used
2.20.162, 0.27.3 (CRT)
JDK version used
Corretto 17.0.8
Operating System and version
Amazon Linux 2023
The text was updated successfully, but these errors were encountered:
singhbaljit
changed the title
S3 CRT Client not using IAM role for the Kubernetes service account
S3 CRT Client not using IAM role for the EKS/Kubernetes service account
Oct 11, 2023
Comments on closed issues are hard for our team to see.
If you need more assistance, please open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue feel free to do so.
Describe the bug
The S3 CRT client does not use the IAM role attached to the service account in Kubernetes. I'm building the client with default credentials provider chain. Instead, it tries to use the role of the EKS/Kubernetes node. I do have the STS module on the the classpath. Other SDK clients are correctly use the IAM role. Even the Netty-based async client works with the role.
Expected Behavior
The CRT based client use the default credentials provider chain correctly, and use the IAM role for the container.
Current Behavior
It tries to use the role of the Kubernetes node. I see authentication error where it points to the node role not having the correct IAM actions. Those actions only exists on the container IAM role.
Reproduction Steps
Possible Solution
It should use the IAM role for the container.
Additional Information/Context
No response
AWS Java SDK version used
2.20.162, 0.27.3 (CRT)
JDK version used
Corretto 17.0.8
Operating System and version
Amazon Linux 2023
The text was updated successfully, but these errors were encountered: