Unable to override IMDSv2 service URL #2847

Closed
ibexa-yuna opened this issue Nov 29, 2023 · 3 comments
Labels
feature-request A feature should be added or improved. p2 This is a standard priority issue queued This issues is on the AWS team's backlog


@ibexa-yuna

Describe the bug

I'm using aws_signing_helper in order to facilitate IAM Roles Anywhere setup.
I'm overriding AWS_EC2_METADATA_SERVICE_ENDPOINT to http://127.0.0.1:9911/
However, the application doesn't use the new endpoint and is still trying to fetch InstanceCredentials from 169.254.169.254.

Expected Behavior

The application would acquire temporary credentials from aws_signing_helper via IAM Roles Anywhere by talking to a service endpoint defined by the environment variable AWS_EC2_METADATA_SERVICE_ENDPOINT.

Current Behavior

The application fails to authenticate with an error of

Error retrieving credentials from the instance profile metadata service. (cURL error 7: Failed to connect to 169.254.169.254 port 80: Network is unreachable (see https://curl.haxx.se/libcurl/c/libcurl-errors.html))
clearly indicating the old address for instance metadata.

Reproduction Steps

  1. Set up an application that is using AWS SDK for PHP
  2. Make sure that the application doesn't have any other credentials available
  3. Set up an environment variable with another URL to instance metadata
  4. Try calling any AWS service, allowing SDK to authenticate
  5. Observe the error and a call to 169.254.169.254, instead of the URL defined in an environment variable AWS_EC2_METADATA_SERVICE_ENDPOINT

Possible Solution

Re-implement #2277 after it has been reverted.

Additional Information/Context

I think the problem is that the URL is hardcoded in https://github.com/SamRemis/aws-sdk-php/blob/master/src/Credentials/InstanceProfileProvider.php#L19 and https://github.com/SamRemis/aws-sdk-php/blob/master/src/Credentials/InstanceProfileProvider.php#L230

SDK version used

3.290.1

Environment details (Version of PHP (php -v)? OS name and version, etc.)

php 8.1

@ibexa-yuna ibexa-yuna added bug This issue is a bug. needs-triage This issue or PR still needs to be triaged. labels Nov 29, 2023
@yenfryherrerafeliz yenfryherrerafeliz self-assigned this Dec 1, 2023
@yenfryherrerafeliz
Contributor

Hi @ibexa-yuna, thanks for reporting this. You are experiencing this behavior because the instance profile provider does not support a custom endpoint to resolve credentials. I do not know why the previous implementation was removed, but I will bring this into discussion with the team to add an item in our backlog to address this in the near future. I will provide updates regarding what we decide or our progress in the thread of this issue.

Thanks!

@yenfryherrerafeliz yenfryherrerafeliz added p2 This is a standard priority issue queued This issues is on the AWS team's backlog and removed needs-triage This issue or PR still needs to be triaged. labels Dec 4, 2023
@stobrien89 stobrien89 added feature-request A feature should be added or improved. and removed bug This issue is a bug. labels Dec 4, 2023
@stobrien89
Member

Hi @ibexa-yuna,

Thanks for your patience. We've merged #2859, which provides the support you're requesting. This will be available in tomorrow's release. Closing for now, but please let us know if you have any additional questions or issues.
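
The behavior the issue asks for, as an added example that is not part of the thread and is not the SDK's code: the endpoint is resolved from `AWS_EC2_METADATA_SERVICE_ENDPOINT` with a fallback to 169.254.169.254, then the IMDSv2 token and credential requests go to that endpoint. `MockImds`, `resolve_endpoint`, `fetch_credentials` and `demo` are hypothetical names, and the mock server and every credential value are constructed.

```python
import json, os, threading, urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

DEFAULT_ENDPOINT = "http://169.254.169.254"  # address seen in the issue's error
ROLE_PATH = "/latest/meta-data/iam/security-credentials/"
OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))  # never via a proxy

def resolve_endpoint(env=os.environ):
    """The environment override wins; otherwise use the link-local default."""
    return env.get("AWS_EC2_METADATA_SERVICE_ENDPOINT", DEFAULT_ENDPOINT).rstrip("/")

def _call(url, method, headers, timeout=2):
    req = urllib.request.Request(url, method=method, headers=headers)
    return OPENER.open(req, timeout=timeout).read().decode()

def fetch_credentials(endpoint):
    """IMDSv2 flow: PUT for a session token, then GET the role and its credentials."""
    token = _call(endpoint + "/latest/api/token", "PUT",
                  {"X-aws-ec2-metadata-token-ttl-seconds": "21600"})
    auth = {"X-aws-ec2-metadata-token": token}
    role = _call(endpoint + ROLE_PATH, "GET", auth).splitlines()[0]
    return json.loads(_call(endpoint + ROLE_PATH + role, "GET", auth))

class MockImds(BaseHTTPRequestHandler):
    """Constructed stand-in for a local IMDSv2-compatible endpoint; all values are fake."""
    TOKEN, ROLE = "constructed-token", "constructed-role"
    CREDS = {"Code": "Success", "AccessKeyId": "AKIDEXAMPLE", "Token": "constructed"}
    def _send(self, status, body=""):
        self.send_response(status)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body.encode())
    def do_PUT(self):
        ok = self.path == "/latest/api/token" and self.headers.get("X-aws-ec2-metadata-token-ttl-seconds")
        self._send(200 if ok else 400, self.TOKEN if ok else "")
    def do_GET(self):
        bodies = {ROLE_PATH: self.ROLE, ROLE_PATH + self.ROLE: json.dumps(self.CREDS)}
        if self.headers.get("X-aws-ec2-metadata-token") != self.TOKEN:
            return self._send(401)
        self._send(200 if self.path in bodies else 404, bodies.get(self.path, ""))
    def log_message(self, *args): pass  # keep the demo quiet

def demo():
    server = HTTPServer(("127.0.0.1", 0), MockImds)  # loopback, ephemeral port
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        env = {"AWS_EC2_METADATA_SERVICE_ENDPOINT": f"http://127.0.0.1:{server.server_port}/"}
        return fetch_credentials(resolve_endpoint(env))
    finally:
        server.shutdown()
```

Calling `fetch_credentials(resolve_endpoint())` with the variable exported runs the same two-step check against whatever endpoint the environment points at.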
