go amazon-cognito aws-sdk-go

Cognito Go SDK Issue on K8s deployment


I'm having an issue where an AWS Cognito issue is working locally, but once deployed into K8s, it will not work. I'm hoping to get some help as to why.

The following simplified Go function works on my local development machine (Fedora 39), but once put into K8s it is not working. I have removed all the ENV vars and hard coded them to ensure that wasn't the issue.

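import (
    "log"

    "github.com/aws/aws-sdk-go/aws"
    "github.com/aws/aws-sdk-go/aws/session"
    "github.com/aws/aws-sdk-go/service/cognitoidentityprovider"
)

func GetUserEmail(username string) string {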
    // userPoolID := os.Getenv("AWS_USER_POOL_ID")
    // awsRegion := os.Getenv("AWS_REGION_ID")

    userPoolID := "us-east-2_xxxxxxxxx"
    awsRegion := "us-east-2"
    username = "xxxxxxxx-xxxx-xxxx-xxxx-bc4d2c17e7c8"

    verbose := true

    mySession := session.Must(session.NewSession())

    // Create a CognitoIdentityProvider client with additional configuration
    svc := cognitoidentityprovider.New(mySession, aws.NewConfig().WithRegion(awsRegion).WithCredentialsChainVerboseErrors(verbose))

    userInput := &cognitoidentityprovider.AdminGetUserInput{}
    userInput.SetUserPoolId(userPoolID)
    userInput.SetUsername(username)

    log.Printf("userInput: %+v\n", userInput)

    userOutput, err := svc.AdminGetUser(userInput)
    if err != nil {
        log.Printf("cognito client admin get user error: %s", err.Error())
        return ""
    }

    att := userOutput.UserAttributes
    for _, attr := range att {
        if *attr.Name == "email" {
            return *attr.Value
        }
    }

    return ""
}

When I run this code locally, it returns the email as expected; however, when I run this in K8s, I get the following error:

2023/12/30 21:58:57 cognito client admin get user error: NoCredentialProviders: no valid providers in chain. Deprecated.

Part of the verbose errors are:

2023/12/30 21:43:10 cognito client admin get user error: NoCredentialProviders: no valid providers in chain caused by: EnvAccessKeyNotFound: failed to find credentials in the environment. SharedCredsLoad: failed to load profile, . EC2RoleRequestError: no EC2 instance role found caused by: RequestError: send request failed caused by: Get "http://169.254.169.254/latest/meta-data/iam/security-credentials/": context deadline exceeded (Client.Timeout exceeded while awaiting headers)

Any help is greatly appreciated.


Solution

  • The AWS SDK for Go requires that you have credentials provided to the system to authenticate the actions. The docs specify that you need to pass those as environment variables into the system, and it will use those in the header.

    This document explains the information required: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials

    My local machine has the AWS CLI installed, which creates a .aws folder in your home directory that the local version uses when run locally.

    After adding the two credentials required, the app works great. Thanks Ermiya Eskandary for the link.
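An added example (not part of the original answer, and not AWS SDK code): a standard-library-only Go preflight that checks the two static sources named in the verbose error, the environment variables and the shared credentials file, and reports which are present without printing any key material. The function names are illustrative, and only the primary names AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY and AWS_PROFILE are checked.

```go
package main

import (
	"bufio"
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// credentialSources reports which static sources from the verbose error
// (environment, shared credentials file) are present. Presence only, no secrets.
func credentialSources(getenv func(string) string, home string) []string {
	var found []string
	if getenv("AWS_ACCESS_KEY_ID") != "" && getenv("AWS_SECRET_ACCESS_KEY") != "" {
		found = append(found, "env")
	}
	profile := getenv("AWS_PROFILE")
	if profile == "" {
		profile = "default"
	}
	if profileHasKey(filepath.Join(home, ".aws", "credentials"), profile) {
		found = append(found, "shared:"+profile)
	}
	return found
}

// profileHasKey scans the INI-style file for aws_access_key_id inside [profile].
func profileHasKey(path, profile string) bool {
	f, err := os.Open(path)
	if err != nil {
		return false // typical in a container image: no ~/.aws directory
	}
	defer f.Close()
	inSection := false
	for sc := bufio.NewScanner(f); sc.Scan(); {
		if line := strings.TrimSpace(sc.Text()); strings.HasPrefix(line, "[") {
			inSection = line == "["+profile+"]"
		} else if inSection && strings.HasPrefix(line, "aws_access_key_id") {
			return true
		}
	}
	return false
}

func main() {
	home, _ := os.UserHomeDir()
	fmt.Println("static credential sources present:", credentialSources(os.Getenv, home))
}
```

An empty list in the pod's startup log corresponds to the situation in the question: neither static source exists, so the SDK falls through to the 169.254.169.254 metadata request that timed out.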