-
Notifications
You must be signed in to change notification settings - Fork 188
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
AWS Beijing region doesn't work. #400
Comments
Anthony, Hmm, I wasn't even aware of a China region, nor have I tested against it. Per the Support API documentation, the Support API only has an endpoint in us-east-1. If the China region(s) is isolated in some weird way that us-east-1 can't be reached, my only suggestion would be to disable Trusted Advisor support ( If anyone else has further information on this please feel free to comment, but for the time being I'm going to close this issue as the docs linked above make it very clear that the Support API only has one endpoint, in us-east-1, and the error pasted above makes it look like the new China regions work very differently from all other current/known regions (i.e. IAM is global, and creds that work in one region should work in all regions). |
FYI, AWS partitions outside the standard ones usually have their own documentation. e.g. |
Here is some info I found. https://docs.amazonaws.cn/en_us/aws/latest/userguide/awssupport.html Feature Availability and Implementation Differences I tried the --skip-ta option and here are the results [root@av1c6ocvcu01 bin]# ./awslimitchecker -u --profile=cn --region cn-north-1 --skip-ta -vv |
I guess I closed this rather prematurely given the information from @bflad - I've never worked with partitions outside of the standard ones and wasn't aware of this. @AnthonyWingerter apologies for not following up on this sooner. So from that output, it looks like Does anyone have thoughts on how this should be handled? In the past I've seen that the errors raised when a service or method is not supported in a specific region aren't terribly similar, so catching and analyzing those errors requires a lot of code (and a lot of iterative development, which is hard since I don't have access to these partitions). On the other hand, I'm concerned that some hard-coded "skip these things in these regions" logic would be a maintenance nightmare. I'm certainly open to any opinions on how this could be handled... |
AWS just added a Support endpoint for Govcloud, https://support.us-gov-west-1.amazonaws.com. See https://aws.amazon.com/about-aws/whats-new/2019/08/aws-support-api-now-available-in-aws-govcloud/ |
Thanks to @djkiourtsis via #434, we now have support for assumed role partitions for STS, and alternate regions for use with Trusted Advisor (support API). This is currently only implemented at the python API level, but I'll be adding command-line arguments to match up with these new configuration options. I believe that will solve this issue. |
@shivknight @AnthonyWingerter A tentative fix for this is present now in the If any of you have the time to do a development installation of the Regardless, this should be present in the next release. Many apologies for the delay on this. |
This has been fixed in 8.0.0 which is now live on PyPI and Docker Hub. Apologies for any delays in getting this released. |
Hello,
It appears when trying to connect to the AWS cn-north-1 region it still attempts to connect to ttps://support.us-east-1.amazonaws.com
Is there a way to change this behavior?
Thanks and regards,
-Anthony-
[root@av1c6ocvcu01 bin]# ./awslimitchecker --profile=cn --region cn-north-1 -vv
awslimitchecker 6.1.5 is AGPL-licensed free software; all users have a right to the full source code of this version. See https://github.com/jantman/awslimitchecker
2019-03-08 14:59:42,929 [DEBUG checker.py:206 - awslimitchecker.checker._boto_conn_kwargs() ] Using credentials profile: cn
2019-03-08 14:59:42,959 [DEBUG cloudtrail.py:116 - awslimitchecker.services.cloudtrail.get_limits() ] Gathering CloudTrail's limits from AWS
2019-03-08 14:59:43,100 [INFO connectable.py:90 - awslimitchecker.connectable.connect() ] Connected to dynamodb in region cn-north-1
2019-03-08 14:59:43,101 [DEBUG lambdafunc.py:82 - awslimitchecker.services.lambdafunc.get_limits() ] Getting limits for Lambda
2019-03-08 14:59:43,101 [DEBUG cloudtrail.py:116 - awslimitchecker.services.cloudtrail.get_limits() ] Gathering CloudTrail's limits from AWS
2019-03-08 14:59:43,102 [DEBUG lambdafunc.py:82 - awslimitchecker.services.lambdafunc.get_limits() ] Getting limits for Lambda
2019-03-08 14:59:43,112 [INFO connectable.py:90 - awslimitchecker.connectable.connect() ] Connected to support in region us-east-1
2019-03-08 14:59:43,113 [INFO trustedadvisor.py:162 - awslimitchecker.trustedadvisor._poll() ] Beginning TrustedAdvisor poll
2019-03-08 14:59:43,113 [DEBUG trustedadvisor.py:219 - awslimitchecker.trustedadvisor._get_limit_check_id() ] Querying Trusted Advisor checks
2019-03-08 14:59:43,115 [DEBUG retry.py:210 - urllib3.util.retry.from_int() ] Converted retries value: False -> Retry(total=False, connect=None, read=None, redirect=0, status=None)
2019-03-08 14:59:43,115 [DEBUG connectionpool.py:813 - urllib3.connectionpool._new_conn() ] Starting new HTTPS connection (1): support.us-east-1.amazonaws.com:443
2019-03-08 14:59:43,315 [DEBUG connectionpool.py:393 - urllib3.connectionpool._make_request() ] https://support.us-east-1.amazonaws.com:443 "POST / HTTP/1.1" 400 107
Traceback (most recent call last):
File "./awslimitchecker", line 11, in
sys.exit(console_entry_point())
File "/covisint/bin/limitchecker/lib/python2.7/site-packages/awslimitchecker/runner.py", line 415, in console_entry_point
r.console_entry_point()
File "/covisint/bin/limitchecker/lib/python2.7/site-packages/awslimitchecker/runner.py", line 409, in console_entry_point
res = self.check_thresholds()
File "/covisint/bin/limitchecker/lib/python2.7/site-packages/awslimitchecker/runner.py", line 310, in check_thresholds
service=self.service_name)
File "/covisint/bin/limitchecker/lib/python2.7/site-packages/awslimitchecker/checker.py", line 550, in check_thresholds
self.ta.update_limits()
File "/covisint/bin/limitchecker/lib/python2.7/site-packages/awslimitchecker/trustedadvisor.py", line 141, in update_limits
ta_results = self._poll()
File "/covisint/bin/limitchecker/lib/python2.7/site-packages/awslimitchecker/trustedadvisor.py", line 163, in _poll
tmp = self._get_limit_check_id()
File "/covisint/bin/limitchecker/lib/python2.7/site-packages/awslimitchecker/trustedadvisor.py", line 233, in _get_limit_check_id
raise ex
botocore.exceptions.ClientError: An error occurred (UnrecognizedClientException) when calling the DescribeTrustedAdvisorChecks operation: The security token included in the request is invalid.
The text was updated successfully, but these errors were encountered: