Re: Issue with jclouds computeService listNodes() ?

Thu, 21 Jun 2018 01:00:35 -0700 

Hi Archana,

I see the problem here. When using temporary credentials in AWS, the
session token must be included in a request header [1], so you need to
provide it when configuring the jclouds context with the credentials.

By default, the "ContextBuilder.credentials" signature does only allow to
pass the access key and secret key, but there is no place to specify that
session token. However, the ContextBuilder provides an alternate mechanism
to configure custom credentials. You can use the
"ContextBuilder.credentialsSupplier" method as follows:

ContextBuilder.newBuilder("aws-ec2")
   ...
   .credentialsSupplier(new Supplier<Credentials>() {
      @Override
      public Credentials get() {
         return SessionCredentials.builder()
            .accessKeyId("temporary access key")
            .secretAccessKey("temporary secret key")
            .sessionToken("session token")
            .expiration(new Date()) // Change to a proper value
            .build();
      }
   })
   ...

​

Could you try this?


HTH!

I.


[1]
https://docs.aws.amazon.com/AmazonS3/latest/dev/RESTAuthentication.html#UsingTemporarySecurityCredentials


On 21 June 2018 at 09:53, Andrea Turli <andrea.tu...@gmail.com> wrote:

> Mmm very interesting!
>
> The only thing that comes to my mind is:
> - is your account allowed to talk to all the regions? From the stacktrace
> above looks like
> org.jclouds.rest.AuthorizationException: POST https://ec2.us-east-1.
> amazonaws.com/ HTTP/1.1 -> HTTP/1.1 401 Unauthorized
> so maybe your account is not allowed to talk to that region. Can you
> confirm? if not you want to control which regions to target you can use
> `-Djclouds.regions: "us-west-1" in case you want to limit to Oregon.
>
> HTH,
> Andrea
>
> On Thu, Jun 21, 2018 at 9:45 AM archiep...@gmail.com <archiep...@gmail.com>
> wrote:
>
>> Hi Andrea,
>> Thanks for the quick response. I am using an IAM role that has full admin
>> access. Which is why this case is even more perplexing. Do you have any
>> other suggestions to try out?
>>
>> Cheers
>> Archana
>>
>> On 2018/06/20 21:45:31, archiep...@gmail.com <archiep...@gmail.com>
>> wrote:
>> > Hi Ignasi,
>> > So the function that does the authentication uses a context builder and
>> generates a temporary access and secret key. I've read that perhaps Jclouds
>> might not be sending the session token to access aws resources. Do you
>> think that is what could be happening?
>> >
>> > Cheers,
>> > Archana
>> >
>>
>

Reply via email to