Pass region to sts client

First, this change explicitly sets the region from metadata.
Second, it uses .WithSTSRegionalEndpoint(endpoints.RegionalSTSEndpoint)
to enable the regional STS endpoint. This is required because, as of
SDK v1.42.23, the default is legacy (endpoints.LegacySTSEndpoint).

Signed-off-by: Nick Turner <nic@amazon.com>
Signed-off-by: Rasita Pai <prasita@amazon.com>
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
This commit is contained in:
Davanum Srinivas 2022-10-16 11:39:06 -04:00
parent af76f3b72a
commit 715f2af8e2
No known key found for this signature in database
GPG Key ID: 80D83A796103BF59


@ -1190,8 +1190,12 @@ func init() {
return nil, fmt.Errorf("unable to validate custom endpoint overrides: %v", err)
}
regionName, err := getRegionFromMetadata(cfg)
if err != nil {
return nil, err
}
sess, err := session.NewSessionWithOptions(session.Options{
Config: aws.Config{},
Config: *aws.NewConfig().WithRegion(regionName).WithSTSRegionalEndpoint(endpoints.RegionalSTSEndpoint),
SharedConfigState: session.SharedConfigEnable,
})
if err != nil {
@ -1218,6 +1222,32 @@ func init() {
})
}
func getRegionFromMetadata(cfg *CloudConfig) (string, error) {
klog.Infof("Get AWS region from metadata client")
metadata, err := newAWSSDKProvider(nil, cfg).Metadata()
if err != nil {
return "", fmt.Errorf("error creating AWS metadata client: %q", err)
}
err = updateConfigZone(cfg, metadata)
if err != nil {
return "", fmt.Errorf("unable to determine AWS zone from cloud provider config or EC2 instance metadata: %v", err)
}
zone := cfg.Global.Zone
if len(zone) <= 1 {
return "", fmt.Errorf("invalid AWS zone in config file: %s", zone)
}
regionName, err := azToRegion(zone)
if err != nil {
return "", err
}
return regionName, nil
}
// readAWSCloudConfig reads an instance of AWSCloudConfig from config reader.
func readAWSCloudConfig(config io.Reader) (*CloudConfig, error) {
var cfg CloudConfig
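Review bot: getRegionFromMetadata is not a read-only lookup — the updateConfigZone call writes the zone back into cfg.Global.Zone, which the function then reads, and nothing in the name or a doc comment says so; suggested comment above the signature: `// getRegionFromMetadata derives the AWS region from cfg.Global.Zone after updateConfigZone has reconciled that zone with EC2 instance metadata; it mutates cfg as a side effect.` The metadata-client error formats the error value with `%q` while the neighbouring messages use `%v`; `%w` keeps the style consistent and preserves the cause for callers, e.g. `return "", fmt.Errorf("creating AWS metadata client: %w", err)`. In the first hunk, `endpoints.RegionalSTSEndpoint` presumably needs the aws-sdk `endpoints` package imported; the import block and the function enclosing the session setup both lie outside the hunk, so that cannot be confirmed here.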