Hi Ignasi,
Thank you! I will try this out and let you know if it worked.
Cheers
Archana
On 2018/06/21 08:00:01, Ignasi Barrera <ignasi.barr...@gmail.com> wrote:
> Hi Archana,
>
> I see the problem here. When using temporary credentials in AWS, the
> session token must be included in a request header [1], so you need to
> provide it when configuring the jclouds context with the credentials.
>
> By default, the "ContextBuilder.credentials" signature does only allow to
> pass the access key and secret key, but there is no place to specify that
> session token. However, the ContextBuilder provides an alternate mechanism
> to configure custom credentials. You can use the
> "ContextBuilder.credentialsSupplier" method as follows:
>
> ContextBuilder.newBuilder("aws-ec2")
> ...
> .credentialsSupplier(new Supplier<Credentials>() {
> @Override
> public Credentials get() {
> return SessionCredentials.builder()
> .accessKeyId("temporary access key")
> .secretAccessKey("temporary secret key")
> .sessionToken("session token")
> .expiration(new Date()) // Change to a proper value
> .build();
> }
> })
> ...
>
>
>
> Could you try this?
>
>
> HTH!
>
> I.
>
>
> [1]
> https://docs.aws.amazon.com/AmazonS3/latest/dev/RESTAuthentication.html#UsingTemporarySecurityCredentials
>
>
> On 21 June 2018 at 09:53, Andrea Turli <andrea.tu...@gmail.com> wrote:
>
> > Mmm very interesting!
> >
> > The only thing that comes to my mind is:
> > - is your account allowed to talk to all the regions? From the stacktrace
> > above looks like
> > org.jclouds.rest.AuthorizationException: POST https://ec2.us-east-1.
> > amazonaws.com/ HTTP/1.1 -> HTTP/1.1 401 Unauthorized
> > so maybe your account is not allowed to talk to that region. Can you
> > confirm? if not you want to control which regions to target you can use
> > `-Djclouds.regions: "us-west-1" in case you want to limit to Oregon.
> >
> > HTH,
> > Andrea
> >
> > On Thu, Jun 21, 2018 at 9:45 AM archiep...@gmail.com <archiep...@gmail.com>
> > wrote:
> >
> >> Hi Andrea,
> >> Thanks for the quick response. I am using an IAM role that has full admin
> >> access. Which is why this case is even more perplexing. Do you have any
> >> other suggestions to try out?
> >>
> >> Cheers
> >> Archana
> >>
> >> On 2018/06/20 21:45:31, archiep...@gmail.com <archiep...@gmail.com>
> >> wrote:
> >> > Hi Ignasi,
> >> > So the function that does the authentication uses a context builder and
> >> generates a temporary access and secret key. I've read that perhaps Jclouds
> >> might not be sending the session token to access aws resources. Do you
> >> think that is what could be happening?
> >> >
> >> > Cheers,
> >> > Archana
> >> >
> >>
> >
>
