Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SDK Ignores 'endpoint_url' property of AWS config profiles #5475

Closed
Jgb14002 opened this issue Aug 6, 2024 · 2 comments
Closed

SDK Ignores 'endpoint_url' property of AWS config profiles #5475

Jgb14002 opened this issue Aug 6, 2024 · 2 comments
Labels
bug This issue is a bug. needs-triage This issue or PR still needs to be triaged.

Comments

@Jgb14002
Copy link

Jgb14002 commented Aug 6, 2024

Describe the bug

When you specify a profile under ~/.aws/config such as:

[profile localstack]
endpoint_url = http://localhost:4566
region = us-west-1
output = json

When the SDK is using this profile as the active profile, the endpoint_url property is ignored by the SDK. When service endpoints are resolved, they are resolved to their respective defaults, although the region property is used as expected.

For example, using such a configuration results in an SQS endpoint of https://sqs.us-west-1.amazonaws.com

This is contrary to the behavior of the AWS CLI which uses the property correctly.

Expected Behavior

When the active profile specifies an endpoint_url, SDK endpoint resolution for AWS services should use the endpoint_url

Current Behavior

The endpoint_url property is ignored.

2024-08-06T20:07:06.874Z DEBUG 96095 --- [rating-admin] [ecycle-thread-2] s.a.a.a.c.AwsCredentialsProviderChain    : Loading credentials from ProfileCredentialsProvider(profileName=localstack, profileFile=ProfileFile(sections=[profiles, sso-session], profiles=[Profile(name=localstack, properties=[output, endpoint_url, region, aws_access_key_id, aws_secret_access_key])]))
2024-08-06T20:07:06.886Z DEBUG 96095 --- [rating-admin] [ecycle-thread-2] s.a.a.c.i.ExecutionInterceptorChain      : Interceptor 'software.amazon.awssdk.services.sqs.endpoints.internal.SqsRequestSetEndpointInterceptor@455d04df' modified the message with its modifyHttpRequest method.
2024-08-06T20:07:06.898Z DEBUG 96095 --- [rating-admin] [ecycle-thread-2] software.amazon.awssdk.request           : Sending Request: DefaultSdkHttpFullRequest(httpMethod=POST, protocol=https, host=sqs.us-west-1.amazonaws.com, encodedPath=/, headers=[amz-sdk-invocation-id, Content-Length, Content-Type, User-Agent, X-Amz-Target], queryParameters=[])
2024-08-06T20:07:06.899Z DEBUG 96095 --- [rating-admin] [ecycle-thread-2] s.a.a.c.i.io.SdkLengthAwareInputStream   : Specified InputStream length of 30 has been reached. Returning EOF.
2024-08-06T20:07:06.901Z DEBUG 96095 --- [rating-admin] [ecycle-thread-2] s.amazon.awssdk.auth.signer.Aws4Signer   : AWS4 Canonical Request: POST
/

amz-sdk-invocation-id:cb528f43-e513-0e6c-5183-81425a55d1dc
amz-sdk-request:attempt=1; max=4
content-length:30
content-type:application/x-amz-json-1.0
host:sqs.us-west-1.amazonaws.com
x-amz-date:20240806T200706Z
x-amz-target:AmazonSQS.GetQueueUrl

amz-sdk-invocation-id;amz-sdk-request;content-length;content-type;host;x-amz-date;x-amz-target
f1a6b9ba8c41e194c0698ca930f5ee2021bb286402c3aa639c53a3149b908355

You can see the actual endpoint being used is sqs.us-west-1.amazonaws.com

Reproduction Steps

Create an ~/.aws/config file:

[profile localstack]
endpoint_url = http://localhost:4566
region = us-west-1
output = json

Create an ~/.aws/credentials file:

[localstack]
aws_access_key_id = localstack
aws_secret_access_key = localstack

Run the following code:

package org.example;

import java.util.concurrent.ExecutionException;
import software.amazon.awssdk.services.sqs.SqsAsyncClient;

public class Main {

  public static void main(String[] args) {
    // For example purposes so that it can be resolved
    System.setProperty("aws.profile", "localstack");
    try (SqsAsyncClient client = SqsAsyncClient.create()) {
      client.listQueues().get();
    } catch (InterruptedException | ExecutionException e) {
      e.printStackTrace();
    }
  }
}

You will get an error Caused by: software.amazon.awssdk.services.sqs.model.SqsException: The security token included in the request is invalid. (Service: Sqs, Status Code: 403, Request ID: 360407ba-8ce1-5488-a853-589605d82591) since it is using the default endpoint and not the one specified in the profile.

Possible Solution

No response

Additional Information/Context

https://aws.amazon.com/blogs/developer/new-improved-flexibility-when-configuring-endpoint-urls-with-the-aws-sdks-and-tools/

AWS Java SDK version used

2.21.46 (applies to 2.26.31)

JDK version used

openjdk 21.0.2 2024-01-16

Operating System and version

MacOS 14.3
@Jgb14002 Jgb14002 added bug This issue is a bug. needs-triage This issue or PR still needs to be triaged. labels Aug 6, 2024
@debora-ito
Copy link
Member

Java SDK 2.x does not support endpoint overrides yet, we are tracking here: #4501.

Closing this as a duplicate.

@debora-ito debora-ito closed this as not planned Won't fix, can't repro, duplicate, stale Aug 6, 2024
@github-actions GitHub Actions
Copy link

github-actions bot commented Aug 6, 2024

This issue is now closed. Comments on closed issues are hard for our team to see.
If you need more assistance, please open a new issue that references this one.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug This issue is a bug. needs-triage This issue or PR still needs to be triaged.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@debora-ito @Jgb14002