Boto3 isnt fetching region from IMDS
See original GitHub issueAccording to the docs (https://boto3.readthedocs.org/en/latest/guide/configuration.html), boto3 should be fetching the region from the instance metadata service if it’s running on an EC2 instance. This does not appear to be the case.
Steps to reproduce:
- Spin up an instance in us-west-2 with an appropriate IAM role
- Install boto3 on the instance
>>> import boto3
>>> boto3.resource("sqs")
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/usr/local/lib/python2.7/site-packages/boto3/__init__.py", line 87, in resource
return _get_default_session().resource(*args, **kwargs)
File "/usr/local/lib/python2.7/site-packages/boto3/session.py", line 292, in resource
aws_session_token=aws_session_token, config=config)
File "/usr/local/lib/python2.7/site-packages/boto3/session.py", line 200, in client
aws_session_token=aws_session_token, config=config)
File "/usr/lib/python2.7/dist-packages/botocore/session.py", line 762, in create_client
client_config=config, api_version=api_version)
File "/usr/lib/python2.7/dist-packages/botocore/client.py", line 62, in create_client
verify, credentials, scoped_config, client_config)
File "/usr/lib/python2.7/dist-packages/botocore/client.py", line 227, in _get_client_args
endpoint_url)
File "/usr/lib/python2.7/dist-packages/botocore/client.py", line 117, in _get_signature_version_and_region
service_model.endpoint_prefix, region_name, scheme=scheme)
File "/usr/lib/python2.7/dist-packages/botocore/regions.py", line 70, in construct_endpoint
raise NoRegionError()
botocore.exceptions.NoRegionError: You must specify a region.
Issue Analytics
- State:
- Created 8 years ago
- Comments:5 (2 by maintainers)
Top Results From Across the Web
Configuration — Boto3 Docs 1.26.33 documentation - AWS
If no value is specified, Boto3 attempts to search the shared credentials file and the config file for the default profile.
Read more >How to use boto3 on EC2 instance without local configuration?
Specifically, boto3 retrieves credentials from the instance metadata service but not other configuration items (such as region).
Read more >Resolve the IAM Error "AWS was not able to validate the ...
Obtain tokens from a Regional endpoint. The following example command uses AWS SDK for Python (Boto3). Note: Replace your-region, AccountID, and ...
Read more >Detect running EC2 instances in all regions with boto3 - Medium
When I am developing on AWS, I often create Amazon EC2 instances in many regions. And forget the status, which one is running...
Read more >ec2-metadata - PyPI
boto came with a utility function to retrieve the instance metadata as a lazy loading dictionary, boto.utils.get_instance_metadata, but this has not been ...
Read more >Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start FreeTop Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
Top GitHub Comments
AWS’s Java SDK resolves region via instance metadata, if there is no environment variable, system property, or ~.aws/config value saying otherwise. Its too bad the different SDKs follow different preferences for doing the same thing. It is very nice that all the SDKs now resolve credentials the exact same way (see https://aws.amazon.com/blogs/security/a-new-and-standardized-way-to-manage-credentials-in-the-aws-sdks/), too bad region resolution has to be inconsistent.
This was also requested for the AWS CLI: https://github.com/aws/aws-cli/issues/486
I think the main hesitation was that this could be unexpected for users. If you have a script you’ve developed that worked in us-west-2 (relying on this behavior) and you copy it over to a us-east-1 instance, it could be hard to troubleshoot why the script wasn’t working, especially if this feature is on by default. A user may not be aware they’re relying on this functionality.
That being said, we’d still like more feedback on this. I assume you’d find this functionality useful?