Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Vague :nxdomain error when client.region is nil #206

Open
wyattisimo opened this issue Jan 2, 2025 · 1 comment
Open

Vague :nxdomain error when client.region is nil #206

wyattisimo opened this issue Jan 2, 2025 · 1 comment

Comments

@wyattisimo
Copy link

If the AWS client is inadvertently created with a nil value for the region, then invoking a resource request will result in a vague {:error, :nxdomain} result.

Example

GIVEN:

The env var AWS_REGION is not set, but AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY are.

WHEN:

This code is executed:

aws = AWS.Client.create(
  System.get_env("AWS_ACCESS_KEY_ID"),
  System.get_env("AWS_SECRET_ACCESS_KEY"),
  System.get_env("AWS_REGION")
)
{:ok, msg} = AWS.Lambda.delete_function(aws, "my-lambda-function", %{})

THEN:

The following error occurs:

(MatchError) no match of right hand side value: {:error, :nxdomain}

Notes

After some investigation, I discovered that the request sent to hackney was specifying the host as: lambda..amazonaws.com

This malformed host value is built when parts contains ["lambda", nil, "amazonaws.com"] in the build_final_endpoint function here:

joined = Enum.join(parts, ".")

build_final_endpoint is called here:

build_final_endpoint(
[
to_string(metadata[:host_prefix]) <> metadata.endpoint_prefix,
client.region,
endpoint
],
build_options
)

Resolution?

If the AWS API always requires a region subdomain for these endpoints, it would be helpful if this library had some sort of validation to ensure the presence of client.region and produce a clear error message when it's missing.

@onno-vos-dev
Copy link
Member

@wyattisimo Thank you for the detailed issue! It's the start of 2025 but I'd argue you probably won 2025's "Best Issue Award" 👍 🥇

The fun of regions and the bungeejumping with that in AWS. It's been a while since I dug deep into this but I believe AWS assumes a default region in some places (so called "global" endpoints) while it's necessary in others. Hence (IIRC) we assume the region to always need to be defined. Lambda is one of those where the region is at least required. (See doc).

I'm more than open to find a "happy place" to provide a more clear error message on the client.region being missing so if you have a decent proposal for a "happy place" I'd be open to accept a PR 👍

How about we add a check in:

def create(access_key_id, secret_access_key, token, region) do
and change it to something like:

def create(access_key_id, secret_access_key, token, nil) do
   raise RuntimeError, "missing region"
end

def create(access_key_id, secret_access_key, token, region) do
  %AWS.Client{
    access_key_id: access_key_id,
    secret_access_key: secret_access_key,
    session_token: token,
    region: region
  }
end

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants