Skip to content

EC2 Metadata service timeout #980

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
SleepyBrett opened this issue Dec 27, 2018 · 4 comments
Closed

EC2 Metadata service timeout #980

SleepyBrett opened this issue Dec 27, 2018 · 4 comments
Labels
feature-request A feature should be added or improved.

Comments

@SleepyBrett
Copy link

We use a a reverse proxy in front of the ec2 metadata service ( github.com/jtblin/kube2iam ) on our kubernetes cluster to restrict certain namespaces to certain iam roles. It does this by intercepting the call, authenticating the source and making an STS AssumeRole call and passing the credentials back as if the metadata service returned it.

That STS call, of course, takes longer than just a raw call to the metadata service. This often means we get timeouts in our applications that do this.

I've dug through the documentation but haven't found a way to extend the timeout for metadata service calls. Can anyone point me to how I can do this? If it cannot be done consider this a feature request for same.

Expected Behavior

There should be a way for a user of the SDK to adjust the timeout for ec2 metadata service calls.

Current Behavior

We often see timeouts resulting in "Unable to locate credentials"

Possible Solution

Ability to set an env variable or set directly in code the timeout associated with these calls.

Steps to Reproduce (for bugs)

.. it's involved. But if you created a slimmed down similar proxy you could see the problem.

Context

Your Environment

  • AWS Java SDK version used: 2.0.0-preview-11
  • JDK version used: 8.x
  • Operating System and version: linux/kubernetes/container
@zoewangg
Copy link
Contributor

zoewangg commented Jan 9, 2019

Are you referring to EC2MetadataUtils? https://github.com/aws/aws-sdk-java-v2/blob/master/core/regions/src/main/java/software/amazon/awssdk/regions/internal/util/EC2MetadataUtils.java

@jbacon
Copy link

jbacon commented Jan 17, 2019
edited
Loading

@zoewangg Yeah, that is the class, it does not have adjustable connection timeout settings (like other services do). It might be nice to have adjustable timeouts there as well:

aws-sdk-java-v2/core/regions/src/main/java/software/amazon/awssdk/regions/internal/util/ConnectionUtils.java

Line 35 in 2b8d410

connection.setConnectTimeout(1000 * 2);

  • looks like there is already a TODO on the ConnectionUtils class for refactor

@zoewangg
Copy link
Contributor

At the moment, Ec2MetadataUtils and ConnectionUtils are internal only APIs and are subject to change.

We have plans to refactor and make them public, tracking in #61. Marking this as a feature request.

@justnance justnance added feature-request A feature should be added or improved. and removed Feature Request labels Apr 19, 2019
@millems
Copy link
Contributor

millems commented Jul 8, 2019

Resolving to track in #61

@millems millems closed this as completed Jul 8, 2019
aws-sdk-java-automation pushed a commit that referenced this issue Sep 30, 2020
@zoewangg
Merge pull request #980 from aws/zoewang/outposts-merging
e718b19 
merge outposts
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
feature-request A feature should be added or improved.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@SleepyBrett @jbacon @millems @zoewangg @justnance