Skip to content

ap-east-1 is detected, but giving AuthFailures with federated credentials

Using my AWS account and IAM user, with ap-east-1 disabled...

build/resolve-profile.py test
>>> Determining region availability...-++++++++++++++++
*** WARNING: skipping disabled region ap-east-1
>>> Resolving configuration for 'v3_10-x86_64'
...
build/prune-amis.py version test
> PRUNING test/edge-x86_64 for version
* scanning: ap-east-1...
An error occurred (AuthFailure) when calling the DescribeImages operation: AWS was not able to validate the provided access credentials
* scanning: ap-northeast-1
...

I then enabled it on my account, wait a while, and then try again...

build/resolve-profile.py test
>>> Determining region availability...+++++++++++++++++
>>> Resolving configuration for 'v3_10-x86_64'
...
build/prune-amis.py version test
> PRUNING test/edge-x86_64 for version
* scanning: ap-east-1...
* scanning: ap-northeast-1...
...

When using this project's federated credentials, however, the results are always equivalent to when I have ap-east-1 disabled.

https://console.aws.amazon.com/billing/home/?#/account has a highlighted note about STS endpoints -- if I'm reading that right, we'll either need to activate the global STS entpoint to issue session tokens that are valid in all AWS regions, or we'll need to switch endpoints when we work with the newer regions.