This is great! Thank you! Cheers Archana
On 2018/06/21 08:39:58, Ignasi Barrera <n...@apache.org> wrote: > FTR, I'm not a user of the SimianArmy, but I've just opened a PR to add > support for temporary credentials: > https://github.com/Netflix/SimianArmy/pull/331 > > On 21 June 2018 at 10:14, archiep...@gmail.com <archiep...@gmail.com> wrote: > > > Hi Ignasi, > > Thank you! I will try this out and let you know if it worked. > > > > Cheers > > Archana > > > > On 2018/06/21 08:00:01, Ignasi Barrera <ignasi.barr...@gmail.com> wrote: > > > Hi Archana, > > > > > > I see the problem here. When using temporary credentials in AWS, the > > > session token must be included in a request header [1], so you need to > > > provide it when configuring the jclouds context with the credentials. > > > > > > By default, the "ContextBuilder.credentials" signature does only allow to > > > pass the access key and secret key, but there is no place to specify that > > > session token. However, the ContextBuilder provides an alternate > > mechanism > > > to configure custom credentials. You can use the > > > "ContextBuilder.credentialsSupplier" method as follows: > > > > > > ContextBuilder.newBuilder("aws-ec2") > > > ... > > > .credentialsSupplier(new Supplier<Credentials>() { > > > @Override > > > public Credentials get() { > > > return SessionCredentials.builder() > > > .accessKeyId("temporary access key") > > > .secretAccessKey("temporary secret key") > > > .sessionToken("session token") > > > .expiration(new Date()) // Change to a proper value > > > .build(); > > > } > > > }) > > > ... > > > > > > > > > > > > Could you try this? > > > > > > > > > HTH! > > > > > > I. > > > > > > > > > [1] > > > https://docs.aws.amazon.com/AmazonS3/latest/dev/RESTAuthentication.html# > > UsingTemporarySecurityCredentials > > > > > > > > > On 21 June 2018 at 09:53, Andrea Turli <andrea.tu...@gmail.com> wrote: > > > > > > > Mmm very interesting! > > > > > > > > The only thing that comes to my mind is: > > > > - is your account allowed to talk to all the regions? From the > > stacktrace > > > > above looks like > > > > org.jclouds.rest.AuthorizationException: POST https://ec2.us-east-1. > > > > amazonaws.com/ HTTP/1.1 -> HTTP/1.1 401 Unauthorized > > > > so maybe your account is not allowed to talk to that region. Can you > > > > confirm? if not you want to control which regions to target you can use > > > > `-Djclouds.regions: "us-west-1" in case you want to limit to Oregon. > > > > > > > > HTH, > > > > Andrea > > > > > > > > On Thu, Jun 21, 2018 at 9:45 AM archiep...@gmail.com < > > archiep...@gmail.com> > > > > wrote: > > > > > > > >> Hi Andrea, > > > >> Thanks for the quick response. I am using an IAM role that has full > > admin > > > >> access. Which is why this case is even more perplexing. Do you have > > any > > > >> other suggestions to try out? > > > >> > > > >> Cheers > > > >> Archana > > > >> > > > >> On 2018/06/20 21:45:31, archiep...@gmail.com <archiep...@gmail.com> > > > >> wrote: > > > >> > Hi Ignasi, > > > >> > So the function that does the authentication uses a context builder > > and > > > >> generates a temporary access and secret key. I've read that perhaps > > Jclouds > > > >> might not be sending the session token to access aws resources. Do you > > > >> think that is what could be happening? > > > >> > > > > >> > Cheers, > > > >> > Archana > > > >> > > > > >> > > > > > > > > > >
