How to change region when using IAM authentication
Describe the bug
Please provide details of the problem, including the version of Spring Cloud that you are using.
version: spring cloud vault 1.1.1
Sample
If possible, please provide a test case or sample application that reproduces the problem. This makes it much easier for us to diagnose the problem and to verify that we have fixed it.
I am trying to use AWS-IAM authentication with the Vault server, so in bootstrap I defined:
spring.cloud.vault:
    uri: ${VAULT_URI} #vault address
    config:
        order: -10
    authentication: AWS_IAM
    aws-iam:
        role: dev-role-iam
        aws-path: aws
    generic:
        enabled: true
        backend: secret
        profile-separator: /
        default-context: demo
I get an exception when starting the application
org.springframework.vault.VaultException: Cannot login using AWS-IAM: error making upstream request: received error code 403 from STS: <ErrorResponse xmlns="https://sts.amazonaws.com/doc/2011-06-15/">
<Error>
<Type>Sender</Type>
<Code>SignatureDoesNotMatch</Code>
<Message>Credential should be scoped to a valid region, not 'us-east-1'. </Message>
</Error>
<RequestId>a701528a-a2bb-4814-92f7-951b15bbef29</RequestId>
</ErrorResponse>
at org.springframework.vault.authentication.AwsIamAuthentication.createTokenUsingAwsIam(AwsIamAuthentication.java:149)
.......
In my case, the EC2 instances are in the ‘cn-northwest-1’ region. How do I change the region when using IAM authentication?
Issue Analytics
- State:
- Created 3 years ago
- Comments:7 (3 by maintainers)
Top GitHub Comments
Looking at the Amazon docs, it should be possible to set the Endpoint URI to https://sts.eu-west-1.amazonaws.com to include the region identifier (e.g. spring.cloud.vault.aws-iam.endpoint-uri: https://sts.cn-northwest-1.amazonaws.com)

@mp911de I tried registering a custom ClientAuthentication to support specifying Endpoint_uri, and it's working fine. I think this issue can be closed. Thanks again, bro.
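
Why the STS error in this issue appears, as an added Python example (not code from Spring Cloud Vault or from the issue): SigV4 mixes the region into the signing key, so a login request signed for `us-east-1` cannot validate against a regional STS endpoint. The helper names, the access key id, the secret and the header below are constructed for illustration.

```python
import hashlib
import hmac
import re

# Constructed sample: Authorization header of a login request signed with the default region.
SAMPLE_AUTH = ("AWS4-HMAC-SHA256 Credential=AKIAEXAMPLEKEYID/20190101/us-east-1/sts/aws4_request, "
               "SignedHeaders=content-type;host;x-amz-date, Signature=0000")

def _hmac(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()

def signing_key(secret: str, date: str, region: str, service: str = "sts") -> bytes:
    """SigV4 key derivation: the region is an input to the key itself."""
    key = _hmac(("AWS4" + secret).encode(), date)
    for part in (region, service, "aws4_request"):
        key = _hmac(key, part)
    return key

def endpoint_region(host: str) -> str:
    """Region implied by an STS host name; the global endpoint is signed as us-east-1."""
    if host == "sts.amazonaws.com":
        return "us-east-1"
    # AWS China hosts end in amazonaws.com.cn
    m = re.fullmatch(r"sts\.([a-z0-9-]+)\.amazonaws\.com(\.cn)?", host)
    if m is None:
        raise ValueError(f"not an STS endpoint host: {host}")
    return m.group(1)

def scope_region(authorization: str) -> str:
    """Region field of Credential=<key id>/<date>/<region>/sts/aws4_request."""
    m = re.search(r"Credential=[^/]+/\d{8}/([^/]+)/sts/aws4_request", authorization)
    if m is None:
        raise ValueError("no SigV4 credential scope for STS found")
    return m.group(1)

def check(host: str, authorization: str) -> tuple[bool, str]:
    """Compare the region the endpoint expects with the one the request was signed for."""
    want, got = endpoint_region(host), scope_region(authorization)
    return want == got, f"endpoint expects {want!r}, request is scoped to {got!r}"

if __name__ == "__main__":
    for host in ("sts.amazonaws.com", "sts.cn-northwest-1.amazonaws.com.cn"):
        print(host, check(host, SAMPLE_AUTH))
    # Same secret and date, different region: the derived keys differ, so signatures cannot match.
    a = signing_key("constructed-secret", "20190101", "us-east-1")
    b = signing_key("constructed-secret", "20190101", "cn-northwest-1")
    print("keys equal:", a == b)
```

Running the same check against the Authorization header a client actually sends shows whether the signing region and the configured STS endpoint agree before the request reaches Vault.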