diff --git a/builtin/credential/aws/cli.go b/builtin/credential/aws/cli.go
index 7096f6cb4f..75046ec0d2 100644
--- a/builtin/credential/aws/cli.go
+++ b/builtin/credential/aws/cli.go
@@ -13,6 +13,7 @@ import (
 "github.com/aws/aws-sdk-go/aws/session"
 "github.com/aws/aws-sdk-go/service/sts"
 "github.com/hashicorp/errwrap"
+ "github.com/hashicorp/go-hclog"
 "github.com/hashicorp/vault/api"
 "github.com/hashicorp/vault/sdk/helper/awsutil"
 )
@@ -40,7 +41,8 @@ func GenerateLoginData(creds *credentials.Credentials, headerValue, configuredRe
 // Use the credentials we've found to construct an STS session
 region, err := awsutil.GetRegion(configuredRegion)
 if err != nil {
- return nil, err
+ hclog.Default().Warn(fmt.Sprintf("defaulting region to %q due to %s", awsutil.DefaultRegion, err.Error()))
+ region = awsutil.DefaultRegion
 }
 stsSession, err := session.NewSessionWithOptions(session.Options{
 Config: aws.Config{
diff --git a/sdk/helper/awsutil/region.go b/sdk/helper/awsutil/region.go
index 7ab0c21e1c..727c3b9104 100644
--- a/sdk/helper/awsutil/region.go
+++ b/sdk/helper/awsutil/region.go
@@ -14,7 +14,8 @@ import (
 // is a widely used region, and is the most common one for some services like STS.
 const DefaultRegion = "us-east-1"
-var ec2MetadataBaseURL = "http://169.254.169.254"
+// This is nil by default, but is exposed in case it needs to be changed for tests.
+var ec2Endpoint *string
 /*
 It's impossible to mimic "normal" AWS behavior here because it's not consistent
@@ -54,7 +55,7 @@ func GetRegion(configuredRegion string) (string, error) {
 }
 metadata := ec2metadata.New(sess, &aws.Config{
- Endpoint: aws.String(ec2MetadataBaseURL + "/latest"),
+ Endpoint: ec2Endpoint,
 EC2MetadataDisableTimeoutOverride: aws.Bool(true),
 HTTPClient: &http.Client{
 Timeout: time.Second,
@@ -68,6 +69,5 @@ func GetRegion(configuredRegion string) (string, error) {
 if err != nil {
 return "", errwrap.Wrapf("unable to retrieve region from instance metadata: {{err}}", err)
 }
-
 return region, nil
 }
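Review bot: In the GenerateLoginData hunk of cli.go, the new `if err != nil` branch replaces every error from `awsutil.GetRegion` with `awsutil.DefaultRegion`, so whenever lookup fails the STS session is built for us-east-1 and the only trace is a warning on the process-wide default logger. If the server side expects a different region, the user will presumably see an opaque login failure instead of the region error, so the branch deserves a comment stating that the fallback is deliberate, e.g. `// Region lookup is best-effort; fall back to DefaultRegion rather than failing the login.` The message is also assembled with `fmt.Sprintf`; hclog accepts key/value pairs, so `hclog.Default().Warn("defaulting region", "region", awsutil.DefaultRegion, "error", err)` would keep the error as a structured field. The function body starts and continues outside this hunk.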
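Review bot: The comment on `ec2Endpoint` in region.go calls the variable "exposed", but it is unexported, and in the GetRegion hunk that follows it decides which host receives the instance-metadata query. Because this is mutable package-level state, the comment should say that nil selects the SDK's default endpoint and that only tests in this package may assign it, restoring the value afterwards, e.g. `// ec2Endpoint overrides the EC2 metadata endpoint; nil means the SDK default. Set only from tests in this package and reset after use.` Keeping it unexported is worth stating explicitly, since an exported override would let any importing code redirect metadata lookups.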