(aws-iam): IAM endpoint incorrect in us-iso-west-1 #26209

Closed
cartermckinnon opened this issue Jul 3, 2023 · 8 comments
Labels
@aws-cdk/aws-iam Related to AWS Identity and Access Management bug This issue is a bug. effort/small Small work item – less than a day of effort p1

Comments

@cartermckinnon
Member

cartermckinnon commented Jul 3, 2023

Describe the bug

When using the OpenIdConnectProvider from the aws-iam package in us-iso-west-1, the IAM client used by the CFN custom resource renders the wrong endpoint.

Expected Behavior

Should be able to use iam.OpenIdConnectProvider in us-iso-west-1.

Current Behavior

CREATE_FAILED OpenIdConnectProvider Received response status from custom resource: UnknownEndpoint iam.us-iso-west-1.c2s.ic.gov at port undefined

The endpoint should use us-iso-east-1 instead.

Reproduction Steps

Use iam.OpenIdConnectProvider in us-iso-west-1.

Possible Solution

The AWS SDK was updated in 2.1380.0 to fix this: aws/aws-sdk-js#4422

Can I do anything to fix this in my own CDK package, or does the SDK have to be updated here?

Additional Information/Context

No response

CDK CLI Version

2.84.0

Framework Version

2.84.0

Node.js Version

18.x

OS

Amazon Linux 2

Language

Typescript

Language Version

4.0.5

Other information

No response

@cartermckinnon cartermckinnon added bug This issue is a bug. needs-triage This issue or PR still needs to be triaged. labels Jul 3, 2023
@cartermckinnon cartermckinnon changed the title (aws-iam): IAM endpoint incorrect in aws-iso-west-1 (aws-iam): IAM endpoint incorrect in us-iso-west-1 Jul 3, 2023
@github-actions github-actions bot added the @aws-cdk/aws-iam Related to AWS Identity and Access Management label Jul 3, 2023
@peterwoodworth
Contributor

You could use an aspect or escape hatches to add a Lambda layer with the latest SDK to the generated Lambda Function. Currently, this Function we generate is using the default SDK version, which is behind the version which fixes this.

@peterwoodworth peterwoodworth added p1 needs-review effort/small Small work item – less than a day of effort and removed needs-triage This issue or PR still needs to be triaged. labels Jul 3, 2023
@cartermckinnon
Member Author

I'd like to avoid that type of workaround if a fix here is reasonable in the short term. We (EKS) have some lower priority items blocked on this.

@peterwoodworth
Contributor

I should be able to let you know within a few days if this will be on our near term roadmap

@cartermckinnon
Member Author

@peterwoodworth I've run into another issue related to the SDK version used in the CFN custom resource handler function. Looks like the Lambda runtime provides 3.362.0 right now: https://docs.aws.amazon.com/lambda/latest/dg/lambda-runtimes.html

Can you elaborate a bit more on this? Can you point me at an example?

You could use an aspect or escape hatches to add a Lambda layer with the latest SDK to the generated Lambda Function
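
The aspect plus escape-hatch workaround suggested in this thread, sketched as an added example (not code from the issue or from the CDK project). It assumes the provider's handler is synthesized as an `AWS::Lambda::Function` CloudFormation resource; the interfaces are local stand-ins for the `aws-cdk-lib` members named in the comments so the block runs without the library, and the class name, path fragment and layer ARN are hypothetical.

```typescript
// Structural stand-ins (assumption) for the aws-cdk-lib members used here:
// IConstruct.node.path, CfnResource.cfnResourceType, CfnResource.addPropertyOverride.
interface ConstructLike { node: { path: string } }
interface CfnResourceLike extends ConstructLike {
  cfnResourceType: string;
  addPropertyOverride(propertyPath: string, value: unknown): void;
}

function isCfnResourceLike(c: ConstructLike): c is CfnResourceLike {
  const r = c as Partial<CfnResourceLike>;
  return typeof r.cfnResourceType === "string" &&
    typeof r.addPropertyOverride === "function";
}

// Has the shape of IAspect: visit() is called for every construct in scope.
class SdkLayerAspect {
  readonly patched: string[] = [];
  private readonly layerArn: string;      // layer bundling the newer SDK
  private readonly pathFragment: string;  // limits the change to the handler

  constructor(layerArn: string, pathFragment: string) {
    this.layerArn = layerArn;
    this.pathFragment = pathFragment;
  }

  visit(construct: ConstructLike): void {
    if (!isCfnResourceLike(construct)) return;
    if (construct.cfnResourceType !== "AWS::Lambda::Function") return;
    if (!construct.node.path.includes(this.pathFragment)) return;
    // Escape hatch: writes Layers into the synthesized template,
    // replacing any Layers value already set on the function.
    construct.addPropertyOverride("Layers", [this.layerArn]);
    this.patched.push(construct.node.path);
  }
}

// Constructed stand-in for a synthesized resource, to exercise the aspect offline.
function fakeResource(path: string, type: string) {
  const overrides: Record<string, unknown> = {};
  return {
    node: { path },
    cfnResourceType: type,
    overrides,
    addPropertyOverride(p: string, v: unknown): void { overrides[p] = v; },
  };
}
```

In a CDK app the aspect would be registered with `Aspects.of(stack).add(new SdkLayerAspect(layerArn, fragment))`; check the synthesized template to confirm that only the handler function gained the `Layers` property.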

@xazhao
Contributor

xazhao commented Aug 27, 2024

Hi @cartermckinnon, it has been a while since this issue was created. Just want to check if this issue still exists?
If this issue still exists, I will look into how to upgrade the SDK version.
If this issue doesn't exist anymore, I will close this issue.

@cartermckinnon
Member Author

We had to stop using OIDC provider constructs in this region. If the SDK hasn't been updated in the CFN resource handler, then this should still be a problem.

@xazhao
Contributor

xazhao commented Aug 28, 2024

Thanks for confirming that. Right now I'm unable to reproduce this error. Closing this issue for now.

If anyone finds this issue occurs again, feel free to re-open it.

@xazhao xazhao closed this as completed Aug 28, 2024

Comments on closed issues and PRs are hard for our team to see.
If you need help, please open a new issue that references this one.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Aug 28, 2024