-
Notifications
You must be signed in to change notification settings - Fork 4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Cannot determine scope for context provider availability-zones for China regions #1262
Comments
Please post a trace of executing with |
Here is the debug log. I think there might be an issue with STS endpoint for China region.
|
I cannot reproduce this on my machine using the steps your described. Could you have a look at the files in your ~/.aws/credentials
~/.aws/config
And that the shell in which you were running this did not have any
|
I did check these things. It works on aws cli since I can list s3 buckets in China regions. I have additional profiles setup for Global regions. Will that cause the problem? |
I see in the line here , region parameter is not set. The client will connect to STS in us-east-1, not China region, right? const result = await new AWS.STS({ credentials: creds }).getCallerIdentity().promise(); |
I know, I've noticed the same, and also thought it was a bug. Yet when I tried to reproduce failures, it did work on my machine. I don't know why. Here's my bug report to SDK team: aws/aws-sdk-js#2377 |
I also have multiple profiles in my AWS config. The China endpoint does work for me, if credentials configured either in the default or a specific profile. |
If it helps, for me I'm at this version of the SDK:
|
Okay, I now know this happens to work on my machine because somewhere in my Node process the following gets set:
Which makes the default region load itself from the .ini file, and makes the rest work out. Apparently this is not true for everyone. |
Ah and I have that variable set because I'm loading a credentials plugin!! |
Your proposed fix is correct. We need to thread the This won't make it work for AssumeRole profiles yet. To that end, we need to configure the profile region globally in |
Current release of CDK (0.18.1) Cannot determine scope for context provider availability-zones for China regions (cn-north-1 and cn-northwest-1).
I did setup default credentials with aws configure and can list S3 buckets without problem. But CDK was not able to get the account and region.
The text was updated successfully, but these errors were encountered: