CLI: STS assume role operations not using proxy settings #32290

Open
1 task done
munch9 opened this issue Nov 26, 2024 · 4 comments
Labels
@aws-cdk/core Related to core CDK functionality bug This issue is a bug. cli Issues related to the CDK CLI p0 package/tools Related to AWS CDK Tools or CLI potential-regression Marking this issue as a potential regression to be checked by team member


munch9 commented Nov 26, 2024

Describe the bug

When running CLI operations (synth/deploy), the STS assume role operation does not use proxy settings.
connect ETIMEDOUT 54.239.32.126:443

Running netstat during CLI operations shows repeated attempts to connect directly until a timeout occurs:
tcp 0 1 U-1IZ5ADH66TV96.d:41412 67.220.224.163:https SYN_SENT 395770/node

npx cdk -vvv synth

[14:50:34] Retrieved account ID nnnnnnnnnnnn from disk cache
[14:50:34] [trace] SdkProvider#forEnvironment()
[14:50:34] [trace]   SdkProvider#resolveEnvironment()
[14:50:34] [trace]   SdkProvider#obtainBaseCredentials()
[14:50:34] [trace]     SdkProvider#defaultAccount()
[14:50:34] [trace]     SdkProvider#defaultCredentials()
[14:50:34] [trace]   SdkProvider#withAssumedRole()
[14:50:34] Assuming role 'arn:aws:iam::nnnnnnnnnnnn:role/cdk-hnb659fds-lookup-role-nnnnnnnnnnnn-eu-west-1'.
[14:57:18] Assuming role failed: connect ETIMEDOUT 54.239.32.126:443

Regression Issue

  • Select this option if this issue appears to be a regression.

Last Known Working CDK Version

2.166.0

Expected Behavior

CLI commands should use proxy settings and assume role correctly

Current Behavior

Proxy is not used so connection times out

Reproduction Steps

Be behind an HTTP proxy
export HTTPS_PROXY=<proxy name>
Use a basic new CDK app with no or empty cdk.context.json

Create a user in an account with permission to assume a role in the deployment target account
Create a role with the necessary CDK deployment permissions in the target account and trust to the assuming account root
Export user session credentials into the virtual environment

Synth stack and cdk.context.json is correctly populated.

Repeat the steps with any higher version of aws-cdk >2.166.0 and the error is seen.

Minimal working example
package.json

{
    "dependencies": {
      "aws-cdk": "2.166.0"
    }
}

requirements.txt

aws-cdk-lib==2.166.0
constructs>=10.0.0,<11.0.0

app.py

from aws_cdk import App, Stack, Environment
from aws_cdk.aws_ec2 import Vpc

env = Environment(account="012345678910", region="eu-east-1")

app = App()


class myStack(Stack):
    def __init__(self, scope, id, **kwargs):
        super().__init__(scope, id, **kwargs)
        vpc = Vpc.from_lookup(self, "vpc", vpc_id="DEAFUL-VPC-ID")


stack = myStack(app, "stack", env=env)

app.synth()

As a reverse test to prove the behaviour if not behind a proxy, you can use a similar example.
Set a non-existent proxy value:
export HTTPS_PROXY=http://localhost:8181
Using cdk <=2.166.0, this will fail to synth, as the invalid proxy will be used and fail to connect.
Using cdk >2.166.0, this will synth correctly, as the proxy setting is ignored.

Possible Solution

No response

Additional Information/Context

No response

CDK CLI Version

2.171.0

Framework Version

No response

Node.js Version

v20.12.1

OS

22.04

Language

Python

Language Version

3.9.20

Other information

No response
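
The netstat check described in the report above can be scripted to confirm whether a given CLI version sends traffic around the proxy named in HTTPS_PROXY. This is an added example, not part of the original issue or the CDK code base; the function names, the proxy address 10.0.0.5:3128 and the second sample line are constructed for illustration.

```javascript
// Flag TCP sockets owned by a program (default: node) whose remote end is not
// the proxy from HTTPS_PROXY. Input is Linux net-tools output from
// `netstat -tp` or `netstat -tnp`. Prefer -n and a proxy URL given by IP:
// without -n, hosts are printed as resolved names and must match as printed.

// Constructed sample: line 1 is the socket quoted in the issue; line 2 is an
// invented connection to a hypothetical proxy at 10.0.0.5:3128.
const SAMPLE_NETSTAT = [
  'tcp 0 1 U-1IZ5ADH66TV96.d:41412 67.220.224.163:https SYN_SENT 395770/node',
  'tcp 0 0 U-1IZ5ADH66TV96.d:41500 10.0.0.5:3128 ESTABLISHED 395770/node',
].join('\n');

// Service names netstat prints in place of port numbers when -n is omitted.
const SERVICE_PORTS = { https: 443, http: 80 };

function parseProxy(proxyUrl) {
  const u = new URL(proxyUrl);
  const defaultPort = u.protocol === 'https:' ? 443 : 80;
  return { host: u.hostname, port: Number(u.port) || defaultPort };
}

function splitEndpoint(endpoint) {
  const i = endpoint.lastIndexOf(':'); // last colon, so IPv6 hosts stay whole
  const rawPort = endpoint.slice(i + 1);
  return {
    host: endpoint.slice(0, i),
    port: SERVICE_PORTS[rawPort] ?? Number(rawPort),
  };
}

// Returns one record per non-listening socket of `program` that does not
// terminate at the proxy, i.e. traffic that left the host directly.
function findDirectConnections(netstatText, proxyUrl, program = 'node') {
  const proxy = parseProxy(proxyUrl);
  const findings = [];
  for (const line of netstatText.split('\n')) {
    const f = line.trim().split(/\s+/);
    if (f.length < 7 || !f[0].startsWith('tcp')) continue;
    const [, , , , foreign, state, owner] = f;
    if (state === 'LISTEN') continue;
    const [pid, name] = owner.split('/'); // "-" (no permission) has no name
    if (name !== program) continue;
    const remote = splitEndpoint(foreign);
    if (remote.host === proxy.host && remote.port === proxy.port) continue;
    findings.push({ pid: Number(pid), remote: `${remote.host}:${remote.port}`, state });
  }
  return findings;
}
```

An empty result while the CLI is running means every node socket terminated at the proxy; any entry is a connection that went out directly.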

@munch9 munch9 added bug This issue is a bug. needs-triage This issue or PR still needs to be triaged. labels Nov 26, 2024
@github-actions github-actions bot added package/tools Related to AWS CDK Tools or CLI potential-regression Marking this issue as a potential regression to be checked by team member labels Nov 26, 2024
Contributor

pahud commented Nov 26, 2024

Looking into this issue now.

@pahud pahud self-assigned this Nov 26, 2024
Contributor

pahud commented Nov 26, 2024

The team is aware of this issue and is working on the fix at #32291

@pahud pahud added p1 and removed needs-triage This issue or PR still needs to be triaged. labels Nov 26, 2024
@pahud pahud removed their assignment Nov 26, 2024
Contributor

pahud commented Nov 26, 2024

internal D181250979

@pahud pahud added @aws-cdk/core Related to core CDK functionality cli Issues related to the CDK CLI p0 and removed p1 labels Nov 26, 2024
Contributor

rix0rrr commented Nov 26, 2024

The issue is known and the fix is here: #32291

A fixed version will be released December 6th.
