S3 with :use_fips_endpoint fails #2718

Closed
akostadinov opened this issue Jun 22, 2022 · 5 comments · Fixed by #2741
Labels
documentation This is a problem with documentation. guidance Question that needs advice or information.

Comments

@akostadinov

Describe the bug

When creating an S3 client with :use_fips_endpoint, I still can't access the bucket.

This is related to #2645

Expected Behavior

Things to work.

Current Behavior

2022-06-21T19:22:02.806Z 1 TID-qov6t WARN: Seahorse::Client::NetworkingError: Failed to open TCP connection to s3-fips.amazonaws.com:443 (getaddrinfo: Name or service not known)
2022-06-21T19:22:02.806Z 1 TID-qov6t WARN: /opt/rh/rh-ruby26/root/usr/share/ruby/net/http.rb:949:in `rescue in block in connect'
/opt/rh/rh-ruby26/root/usr/share/ruby/net/http.rb:946:in `block in connect'
/opt/rh/rh-ruby26/root/usr/share/ruby/timeout.rb:93:in `block in timeout'
/opt/rh/rh-ruby26/root/usr/share/ruby/timeout.rb:103:in `timeout'
/opt/rh/rh-ruby26/root/usr/share/ruby/net/http.rb:945:in `connect'
/opt/rh/rh-ruby26/root/usr/share/ruby/net/http.rb:930:in `do_start'
/opt/rh/rh-ruby26/root/usr/share/ruby/net/http.rb:925:in `start'
/opt/rh/rh-ruby26/root/usr/share/ruby/delegate.rb:83:in `method_missing'
/opt/system/vendor/bundle/ruby/2.6.0/gems/aws-sdk-core-3.131.2/lib/seahorse/client/net_http/connection_pool.rb:307:in `start_session'
/opt/system/vendor/bundle/ruby/2.6.0/gems/aws-sdk-core-3.131.2/lib/seahorse/client/net_http/connection_pool.rb:100:in `session_for'
/opt/system/vendor/bundle/ruby/2.6.0/gems/aws-sdk-core-3.131.2/lib/seahorse/client/net_http/handler.rb:128:in `session'
/opt/system/vendor/bundle/ruby/2.6.0/gems/aws-sdk-core-3.131.2/lib/seahorse/client/net_http/handler.rb:76:in `transmit'
/opt/system/vendor/bundle/ruby/2.6.0/gems/aws-sdk-core-3.131.2/lib/seahorse/client/net_http/handler.rb:50:in `call'
/opt/system/vendor/bundle/ruby/2.6.0/gems/aws-sdk-core-3.131.2/lib/seahorse/client/plugins/content_length.rb:24:in `call'
/opt/system/vendor/bundle/ruby/2.6.0/gems/aws-sdk-core-3.131.2/lib/seahorse/client/plugins/request_callback.rb:85:in `call'
/opt/system/vendor/bundle/ruby/2.6.0/gems/aws-sdk-s3-1.114.0/lib/aws-sdk-s3/plugins/s3_signer.rb:132:in `call'
/opt/system/vendor/bundle/ruby/2.6.0/gems/aws-sdk-s3-1.114.0/lib/aws-sdk-s3/plugins/s3_signer.rb:63:in `call'
/opt/system/vendor/bundle/ruby/2.6.0/gems/aws-sdk-s3-1.114.0/lib/aws-sdk-s3/plugins/s3_host_id.rb:17:in `call'
/opt/system/vendor/bundle/ruby/2.6.0/gems/aws-sdk-core-3.131.2/lib/aws-sdk-core/xml/error_handler.rb:10:in `call'
/opt/system/vendor/bundle/ruby/2.6.0/gems/aws-sdk-core-3.131.2/lib/aws-sdk-core/plugins/transfer_encoding.rb:26:in `call'
/opt/system/vendor/bundle/ruby/2.6.0/gems/aws-sdk-core-3.131.2/lib/aws-sdk-core/plugins/helpful_socket_errors.rb:12:in `call'
/opt/system/vendor/bundle/ruby/2.6.0/gems/aws-sdk-s3-1.114.0/lib/aws-sdk-s3/plugins/s3_signer.rb:110:in `call'
/opt/system/vendor/bundle/ruby/2.6.0/gems/aws-sdk-s3-1.114.0/lib/aws-sdk-s3/plugins/redirects.rb:20:in `call'
/opt/system/vendor/bundle/ruby/2.6.0/gems/aws-sdk-core-3.131.2/lib/aws-sdk-core/plugins/retry_errors.rb:360:in `call'
/opt/system/vendor/bundle/ruby/2.6.0/gems/aws-sdk-core-3.131.2/lib/aws-sdk-core/plugins/retry_errors.rb:394:in `retry_request'
/opt/system/vendor/bundle/ruby/2.6.0/gems/aws-sdk-core-3.131.2/lib/aws-sdk-core/plugins/retry_errors.rb:382:in `retry_if_possible'
/opt/system/vendor/bundle/ruby/2.6.0/gems/aws-sdk-core-3.131.2/lib/aws-sdk-core/plugins/retry_errors.rb:371:in `call'
/opt/system/vendor/bundle/ruby/2.6.0/gems/aws-sdk-core-3.131.2/lib/aws-sdk-core/plugins/retry_errors.rb:394:in `retry_request'
/opt/system/vendor/bundle/ruby/2.6.0/gems/aws-sdk-core-3.131.2/lib/aws-sdk-core/plugins/retry_errors.rb:382:in `retry_if_possible'
/opt/system/vendor/bundle/ruby/2.6.0/gems/aws-sdk-core-3.131.2/lib/aws-sdk-core/plugins/retry_errors.rb:371:in `call'
/opt/system/vendor/bundle/ruby/2.6.0/gems/aws-sdk-core-3.131.2/lib/aws-sdk-core/plugins/retry_errors.rb:394:in `retry_request'
/opt/system/vendor/bundle/ruby/2.6.0/gems/aws-sdk-core-3.131.2/lib/aws-sdk-core/plugins/retry_errors.rb:382:in `retry_if_possible'
/opt/system/vendor/bundle/ruby/2.6.0/gems/aws-sdk-core-3.131.2/lib/aws-sdk-core/plugins/retry_errors.rb:371:in `call'
/opt/system/vendor/bundle/ruby/2.6.0/gems/aws-sdk-s3-1.114.0/lib/aws-sdk-s3/plugins/md5s.rb:31:in `call'
/opt/system/vendor/bundle/ruby/2.6.0/gems/aws-sdk-core-3.131.2/lib/aws-sdk-core/plugins/http_checksum.rb:19:in `call'
/opt/system/vendor/bundle/ruby/2.6.0/gems/aws-sdk-core-3.131.2/lib/aws-sdk-core/plugins/endpoint_pattern.rb:30:in `call'
/opt/system/vendor/bundle/ruby/2.6.0/gems/aws-sdk-s3-1.114.0/lib/aws-sdk-s3/plugins/accelerate.rb:67:in `call'
/opt/system/vendor/bundle/ruby/2.6.0/gems/aws-sdk-core-3.131.2/lib/aws-sdk-core/plugins/checksum_algorithm.rb:136:in `call'
/opt/system/vendor/bundle/ruby/2.6.0/gems/aws-sdk-s3-1.114.0/lib/aws-sdk-s3/plugins/bucket_dns.rb:35:in `call'
/opt/system/vendor/bundle/ruby/2.6.0/gems/aws-sdk-s3-1.114.0/lib/aws-sdk-s3/plugins/dualstack.rb:41:in `call'
/opt/system/vendor/bundle/ruby/2.6.0/gems/aws-sdk-s3-1.114.0/lib/aws-sdk-s3/plugins/iad_regional_endpoint.rb:39:in `call'
/opt/system/vendor/bundle/ruby/2.6.0/gems/aws-sdk-s3-1.114.0/lib/aws-sdk-s3/plugins/expect_100_continue.rb:22:in `call'
/opt/system/vendor/bundle/ruby/2.6.0/gems/aws-sdk-s3-1.114.0/lib/aws-sdk-s3/plugins/bucket_name_restrictions.rb:26:in `call'
/opt/system/vendor/bundle/ruby/2.6.0/gems/aws-sdk-s3-1.114.0/lib/aws-sdk-s3/plugins/arn.rb:62:in `call'
/opt/system/vendor/bundle/ruby/2.6.0/gems/aws-sdk-core-3.131.2/lib/aws-sdk-core/rest/handler.rb:10:in `call'
/opt/system/vendor/bundle/ruby/2.6.0/gems/aws-sdk-core-3.131.2/lib/aws-sdk-core/plugins/recursion_detection.rb:18:in `call'
/opt/system/vendor/bundle/ruby/2.6.0/gems/aws-sdk-core-3.131.2/lib/aws-sdk-core/plugins/user_agent.rb:13:in `call'
/opt/system/vendor/bundle/ruby/2.6.0/gems/aws-sdk-core-3.131.2/lib/aws-sdk-core/plugins/endpoint_discovery.rb:80:in `call'
/opt/system/vendor/bundle/ruby/2.6.0/gems/aws-sdk-core-3.131.2/lib/seahorse/client/plugins/endpoint.rb:47:in `call'
/opt/system/vendor/bundle/ruby/2.6.0/gems/aws-sdk-core-3.131.2/lib/aws-sdk-core/plugins/param_validator.rb:26:in `call'
/opt/system/vendor/bundle/ruby/2.6.0/gems/aws-sdk-core-3.131.2/lib/aws-sdk-core/plugins/logging.rb:41:in `call'
/opt/system/vendor/bundle/ruby/2.6.0/gems/aws-sdk-s3-1.114.0/lib/aws-sdk-s3/plugins/arn.rb:88:in `call'
/opt/system/vendor/bundle/ruby/2.6.0/gems/aws-sdk-core-3.131.2/lib/seahorse/client/plugins/raise_response_errors.rb:16:in `call'
/opt/system/vendor/bundle/ruby/2.6.0/gems/aws-sdk-s3-1.114.0/lib/aws-sdk-s3/plugins/sse_cpk.rb:24:in `call'
/opt/system/vendor/bundle/ruby/2.6.0/gems/aws-sdk-s3-1.114.0/lib/aws-sdk-s3/plugins/dualstack.rb:27:in `call'
/opt/system/vendor/bundle/ruby/2.6.0/gems/aws-sdk-s3-1.114.0/lib/aws-sdk-s3/plugins/accelerate.rb:56:in `call'
/opt/system/vendor/bundle/ruby/2.6.0/gems/aws-sdk-core-3.131.2/lib/aws-sdk-core/plugins/checksum_algorithm.rb:111:in `call'
/opt/system/vendor/bundle/ruby/2.6.0/gems/aws-sdk-core-3.131.2/lib/aws-sdk-core/plugins/jsonvalue_converter.rb:22:in `call'
/opt/system/vendor/bundle/ruby/2.6.0/gems/aws-sdk-core-3.131.2/lib/aws-sdk-core/plugins/idempotency_token.rb:19:in `call'
/opt/system/vendor/bundle/ruby/2.6.0/gems/aws-sdk-core-3.131.2/lib/aws-sdk-core/plugins/param_converter.rb:26:in `call'
/opt/system/vendor/bundle/ruby/2.6.0/gems/aws-sdk-core-3.131.2/lib/seahorse/client/plugins/request_callback.rb:71:in `call'
/opt/system/vendor/bundle/ruby/2.6.0/gems/aws-sdk-core-3.131.2/lib/aws-sdk-core/plugins/response_paging.rb:12:in `call'
/opt/system/vendor/bundle/ruby/2.6.0/gems/aws-sdk-core-3.131.2/lib/seahorse/client/plugins/response_target.rb:24:in `call'
/opt/system/vendor/bundle/ruby/2.6.0/gems/aws-sdk-core-3.131.2/lib/seahorse/client/request.rb:72:in `send_request'
/opt/system/vendor/bundle/ruby/2.6.0/gems/aws-sdk-s3-1.114.0/lib/aws-sdk-s3/client.rb:12369:in `put_object'
/opt/system/vendor/bundle/ruby/2.6.0/gems/aws-sdk-s3-1.114.0/lib/aws-sdk-s3/file_uploader.rb:64:in `block in put_object'
/opt/system/vendor/bundle/ruby/2.6.0/gems/aws-sdk-s3-1.114.0/lib/aws-sdk-s3/file_uploader.rb:53:in `block in open_file'
/opt/system/vendor/bundle/ruby/2.6.0/gems/aws-sdk-s3-1.114.0/lib/aws-sdk-s3/file_uploader.rb:53:in `open'
/opt/system/vendor/bundle/ruby/2.6.0/gems/aws-sdk-s3-1.114.0/lib/aws-sdk-s3/file_uploader.rb:53:in `open_file'
/opt/system/vendor/bundle/ruby/2.6.0/gems/aws-sdk-s3-1.114.0/lib/aws-sdk-s3/file_uploader.rb:63:in `put_object'
/opt/system/vendor/bundle/ruby/2.6.0/gems/aws-sdk-s3-1.114.0/lib/aws-sdk-s3/file_uploader.rb:45:in `upload'
/opt/system/vendor/bundle/ruby/2.6.0/gems/aws-sdk-s3-1.114.0/lib/aws-sdk-s3/customizations/object.rb:440:in `upload_file'
/opt/system/vendor/bundle/ruby/2.6.0/gems/paperclip-6.1.0/lib/paperclip/storage/s3.rb:379:in `block in flush_writes'
/opt/system/vendor/bundle/ruby/2.6.0/gems/paperclip-6.1.0/lib/paperclip/storage/s3.rb:352:in `each'
/opt/system/vendor/bundle/ruby/2.6.0/gems/paperclip-6.1.0/lib/paperclip/storage/s3.rb:352:in `flush_writes'
/opt/system/vendor/bundle/ruby/2.6.0/gems/paperclip-6.1.0/lib/paperclip/attachment.rb:246:in `save'
/opt/system/vendor/bundle/ruby/2.6.0/gems/paperclip-6.1.0/lib/paperclip/has_attached_file.rb:92:in `block in add_active_record_callbacks'
/opt/system/vendor/bundle/ruby/2.6.0/gems/activesupport-5.2.8/lib/active_support/callbacks.rb:426:in `instance_exec'
/opt/system/vendor/bundle/ruby/2.6.0/gems/activesupport-5.2.8/lib/active_support/callbacks.rb:426:in `block in make_lambda'
/opt/system/vendor/bundle/ruby/2.6.0/gems/activesupport-5.2.8/lib/active_support/callbacks.rb:236:in `block in halting_and_conditional'
/opt/system/vendor/bundle/ruby/2.6.0/gems/activesupport-5.2.8/lib/active_support/callbacks.rb:517:in `block in invoke_after'
/opt/system/vendor/bundle/ruby/2.6.0/gems/activesupport-5.2.8/lib/active_support/callbacks.rb:517:in `each'
/opt/system/vendor/bundle/ruby/2.6.0/gems/activesupport-5.2.8/lib/active_support/callbacks.rb:517:in `invoke_after'
/opt/system/vendor/bundle/ruby/2.6.0/gems/activesupport-5.2.8/lib/active_support/callbacks.rb:133:in `run_callbacks'
/opt/system/vendor/bundle/ruby/2.6.0/gems/bugsnag-6.11.1/lib/bugsnag/integrations/rails/active_record_rescue.rb:25:in `run_callbacks'
/opt/system/vendor/bundle/ruby/2.6.0/gems/activesupport-5.2.8/lib/active_support/callbacks.rb:816:in `_run_save_callbacks'
/opt/system/vendor/bundle/ruby/2.6.0/gems/activerecord-5.2.8/lib/active_record/callbacks.rb:342:in `create_or_update'
/opt/system/vendor/bundle/ruby/2.6.0/gems/activerecord-5.2.8/lib/active_record/persistence.rb:308:in `save!'
/opt/system/vendor/bundle/ruby/2.6.0/gems/activerecord-5.2.8/lib/active_record/validations.rb:52:in `save!'
/opt/system/vendor/bundle/ruby/2.6.0/gems/activerecord-5.2.8/lib/active_record/transactions.rb:315:in `block in save!'
/opt/system/vendor/bundle/ruby/2.6.0/gems/activerecord-5.2.8/lib/active_record/transactions.rb:387:in `block in with_transaction_returning_status'
/opt/system/vendor/bundle/ruby/2.6.0/gems/activerecord-5.2.8/lib/active_record/connection_adapters/abstract/database_statements.rb:265:in `transaction'
/opt/system/vendor/bundle/ruby/2.6.0/gems/activerecord-5.2.8/lib/active_record/transactions.rb:212:in `transaction'
/opt/system/lib/deadlock_retry.rb:52:in `transaction'
/opt/system/vendor/bundle/ruby/2.6.0/gems/activerecord-5.2.8/lib/active_record/transactions.rb:385:in `with_transaction_returning_status'
/opt/system/vendor/bundle/ruby/2.6.0/gems/activerecord-5.2.8/lib/active_record/transactions.rb:315:in `save!'
/opt/system/vendor/bundle/ruby/2.6.0/gems/activerecord-5.2.8/lib/active_record/suppressor.rb:48:in `save!'
/opt/system/vendor/bundle/ruby/2.6.0/gems/activerecord-5.2.8/lib/active_record/associations/collection_association.rb:375:in `insert_record'
/opt/system/vendor/bundle/ruby/2.6.0/gems/activerecord-5.2.8/lib/active_record/associations/has_many_association.rb:36:in `insert_record'
/opt/system/vendor/bundle/ruby/2.6.0/gems/protected_attributes_continued-1.8.2/lib/active_record/mass_assignment_security/associations.rb:52:in `block (2 levels) in create_record'
/opt/system/vendor/bundle/ruby/2.6.0/gems/activerecord-5.2.8/lib/active_record/associations/collection_association.rb:458:in `replace_on_target'
/opt/system/vendor/bundle/ruby/2.6.0/gems/activerecord-5.2.8/lib/active_record/associations/collection_association.rb:283:in `add_to_target'
/opt/system/vendor/bundle/ruby/2.6.0/gems/protected_attributes_continued-1.8.2/lib/active_record/mass_assignment_security/associations.rb:50:in `block in create_record'
/opt/system/vendor/bundle/ruby/2.6.0/gems/activerecord-5.2.8/lib/active_record/associations/collection_association.rb:135:in `block in transaction'
/opt/system/vendor/bundle/ruby/2.6.0/gems/activerecord-5.2.8/lib/active_record/connection_adapters/abstract/database_statements.rb:265:in `transaction'
/opt/system/vendor/bundle/ruby/2.6.0/gems/activerecord-5.2.8/lib/active_record/transactions.rb:212:in `transaction'
/opt/system/lib/deadlock_retry.rb:52:in `transaction'
/opt/system/vendor/bundle/ruby/2.6.0/gems/activerecord-5.2.8/lib/active_record/associations/collection_association.rb:134:in `transaction'
/opt/system/vendor/bundle/ruby/2.6.0/gems/protected_attributes_continued-1.8.2/lib/active_record/mass_assignment_security/associations.rb:49:in `create_record'
/opt/system/vendor/bundle/ruby/2.6.0/gems/protected_attributes_continued-1.8.2/lib/active_record/mass_assignment_security/associations.rb:38:in `create!'
/opt/system/vendor/bundle/ruby/2.6.0/gems/protected_attributes_continued-1.8.2/lib/active_record/mass_assignment_security/associations.rb:86:in `create!'
/opt/system/app/lib/simple_layout.rb:82:in `block in import_images!'
/opt/system/app/lib/simple_layout.rb:81:in `each'
/opt/system/app/lib/simple_layout.rb:81:in `import_images!'
/opt/system/app/lib/simple_layout.rb:95:in `block in import!'
/opt/system/vendor/bundle/ruby/2.6.0/gems/activerecord-5.2.8/lib/active_record/connection_adapters/abstract/database_statements.rb:267:in `block in transaction'
/opt/system/vendor/bundle/ruby/2.6.0/gems/activerecord-5.2.8/lib/active_record/connection_adapters/abstract/transaction.rb:239:in `block in within_new_transaction'
/opt/system/vendor/bundle/ruby/2.6.0/gems/activesupport-5.2.8/lib/active_support/concurrency/load_interlock_aware_monitor.rb:26:in `block (2 levels) in synchronize'
/opt/system/vendor/bundle/ruby/2.6.0/gems/activesupport-5.2.8/lib/active_support/concurrency/load_interlock_aware_monitor.rb:25:in `handle_interrupt'
/opt/system/vendor/bundle/ruby/2.6.0/gems/activesupport-5.2.8/lib/active_support/concurrency/load_interlock_aware_monitor.rb:25:in `block in synchronize'
/opt/system/vendor/bundle/ruby/2.6.0/gems/activesupport-5.2.8/lib/active_support/concurrency/load_interlock_aware_monitor.rb:21:in `handle_interrupt'
/opt/system/vendor/bundle/ruby/2.6.0/gems/activesupport-5.2.8/lib/active_support/concurrency/load_interlock_aware_monitor.rb:21:in `synchronize'
/opt/system/vendor/bundle/ruby/2.6.0/gems/activerecord-5.2.8/lib/active_record/connection_adapters/abstract/transaction.rb:236:in `within_new_transaction'
/opt/system/vendor/bundle/ruby/2.6.0/gems/activerecord-5.2.8/lib/active_record/connection_adapters/abstract/database_statements.rb:267:in `transaction'
/opt/system/vendor/bundle/ruby/2.6.0/gems/activerecord-5.2.8/lib/active_record/transactions.rb:212:in `transaction'
/opt/system/lib/deadlock_retry.rb:52:in `transaction'
/opt/system/app/lib/simple_layout.rb:87:in `import!'
/opt/system/app/lib/logic/provider_signup.rb:127:in `import_simple_layout!'
/opt/system/app/workers/signup_worker.rb:45:in `perform'
/opt/system/vendor/bundle/ruby/2.6.0/gems/sidekiq-5.2.9/lib/sidekiq/processor.rb:192:in `execute_job'
/opt/system/vendor/bundle/ruby/2.6.0/gems/sidekiq-5.2.9/lib/sidekiq/processor.rb:165:in `block (2 levels) in process'
/opt/system/vendor/bundle/ruby/2.6.0/gems/sidekiq-5.2.9/lib/sidekiq/middleware/chain.rb:128:in `block in invoke'
/opt/system/lib/three_scale/sidekiq_retry_support.rb:56:in `call'
/opt/system/vendor/bundle/ruby/2.6.0/gems/sidekiq-5.2.9/lib/sidekiq/middleware/chain.rb:130:in `block in invoke'
/opt/system/app/lib/three_scale/analytics/sidekiq_middleware.rb:5:in `call'
/opt/system/vendor/bundle/ruby/2.6.0/gems/sidekiq-5.2.9/lib/sidekiq/middleware/chain.rb:130:in `block in invoke'
/opt/system/vendor/bundle/ruby/2.6.0/gems/sidekiq-throttled-0.11.0/lib/sidekiq/throttled/middleware.rb:14:in `call'
/opt/system/vendor/bundle/ruby/2.6.0/gems/sidekiq-5.2.9/lib/sidekiq/middleware/chain.rb:130:in `block in invoke'
/opt/system/vendor/bundle/ruby/2.6.0/gems/bugsnag-6.11.1/lib/bugsnag/integrations/sidekiq.rb:24:in `call'
/opt/system/vendor/bundle/ruby/2.6.0/gems/sidekiq-5.2.9/lib/sidekiq/middleware/chain.rb:130:in `block in invoke'
/opt/system/vendor/bundle/ruby/2.6.0/gems/yabeda-sidekiq-0.7.0/lib/yabeda/sidekiq/server_middleware.rb:16:in `block in call'
/opt/system/vendor/bundle/ruby/2.6.0/gems/yabeda-0.8.0/lib/yabeda/dsl/class_methods.rb:69:in `with_tags'
/opt/system/vendor/bundle/ruby/2.6.0/gems/yabeda-sidekiq-0.7.0/lib/yabeda/sidekiq/server_middleware.rb:15:in `call'
/opt/system/vendor/bundle/ruby/2.6.0/gems/sidekiq-5.2.9/lib/sidekiq/middleware/chain.rb:130:in `block in invoke'
/opt/system/vendor/bundle/ruby/2.6.0/gems/sidekiq-lock-0.4.0/lib/sidekiq/lock/middleware.rb:8:in `call'
/opt/system/vendor/bundle/ruby/2.6.0/gems/sidekiq-5.2.9/lib/sidekiq/middleware/chain.rb:130:in `block in invoke'
/opt/system/vendor/bundle/ruby/2.6.0/gems/sidekiq-batch-0.1.6/lib/sidekiq/batch/middleware.rb:20:in `call'
/opt/system/vendor/bundle/ruby/2.6.0/gems/sidekiq-5.2.9/lib/sidekiq/middleware/chain.rb:130:in `block in invoke'
/opt/system/vendor/bundle/ruby/2.6.0/gems/sidekiq-5.2.9/lib/sidekiq/middleware/chain.rb:133:in `invoke'
/opt/system/vendor/bundle/ruby/2.6.0/gems/sidekiq-5.2.9/lib/sidekiq/processor.rb:164:in `block in process'
/opt/system/vendor/bundle/ruby/2.6.0/gems/sidekiq-5.2.9/lib/sidekiq/processor.rb:137:in `block (6 levels) in dispatch'
/opt/system/vendor/bundle/ruby/2.6.0/gems/sidekiq-5.2.9/lib/sidekiq/job_retry.rb:109:in `local'
/opt/system/vendor/bundle/ruby/2.6.0/gems/sidekiq-5.2.9/lib/sidekiq/processor.rb:136:in `block (5 levels) in dispatch'
/opt/system/vendor/bundle/ruby/2.6.0/gems/sidekiq-5.2.9/lib/sidekiq/rails.rb:43:in `block in call'
/opt/system/vendor/bundle/ruby/2.6.0/gems/activesupport-5.2.8/lib/active_support/execution_wrapper.rb:90:in `wrap'
/opt/system/vendor/bundle/ruby/2.6.0/gems/activesupport-5.2.8/lib/active_support/reloader.rb:73:in `block in wrap'
/opt/system/vendor/bundle/ruby/2.6.0/gems/activesupport-5.2.8/lib/active_support/execution_wrapper.rb:90:in `wrap'
/opt/system/vendor/bundle/ruby/2.6.0/gems/activesupport-5.2.8/lib/active_support/reloader.rb:72:in `wrap'
/opt/system/vendor/bundle/ruby/2.6.0/gems/sidekiq-5.2.9/lib/sidekiq/rails.rb:42:in `call'
/opt/system/vendor/bundle/ruby/2.6.0/gems/sidekiq-5.2.9/lib/sidekiq/processor.rb:132:in `block (4 levels) in dispatch'
/opt/system/vendor/bundle/ruby/2.6.0/gems/sidekiq-5.2.9/lib/sidekiq/processor.rb:250:in `stats'
/opt/system/vendor/bundle/ruby/2.6.0/gems/sidekiq-5.2.9/lib/sidekiq/processor.rb:127:in `block (3 levels) in dispatch'
/opt/system/vendor/bundle/ruby/2.6.0/gems/sidekiq-5.2.9/lib/sidekiq/job_logger.rb:8:in `call'
/opt/system/vendor/bundle/ruby/2.6.0/gems/sidekiq-5.2.9/lib/sidekiq/processor.rb:126:in `block (2 levels) in dispatch'
/opt/system/vendor/bundle/ruby/2.6.0/gems/sidekiq-5.2.9/lib/sidekiq/job_retry.rb:74:in `global'
/opt/system/vendor/bundle/ruby/2.6.0/gems/sidekiq-5.2.9/lib/sidekiq/processor.rb:125:in `block in dispatch'
/opt/system/vendor/bundle/ruby/2.6.0/gems/sidekiq-5.2.9/lib/sidekiq/logging.rb:48:in `with_context'
/opt/system/vendor/bundle/ruby/2.6.0/gems/sidekiq-5.2.9/lib/sidekiq/logging.rb:42:in `with_job_hash_context'
/opt/system/vendor/bundle/ruby/2.6.0/gems/sidekiq-5.2.9/lib/sidekiq/processor.rb:124:in `dispatch'
/opt/system/vendor/bundle/ruby/2.6.0/gems/sidekiq-5.2.9/lib/sidekiq/processor.rb:163:in `process'
/opt/system/vendor/bundle/ruby/2.6.0/gems/sidekiq-5.2.9/lib/sidekiq/processor.rb:83:in `process_one'
/opt/system/vendor/bundle/ruby/2.6.0/gems/sidekiq-5.2.9/lib/sidekiq/processor.rb:71:in `run'
/opt/system/vendor/bundle/ruby/2.6.0/gems/sidekiq-5.2.9/lib/sidekiq/util.rb:16:in `watchdog'
/opt/system/vendor/bundle/ruby/2.6.0/gems/sidekiq-5.2.9/lib/sidekiq/util.rb:25:in `block in safe_thread'

Reproduction Steps

client = Aws::S3::Client.new( region: "us-east-1", credentials: Aws::Credentials.new("key", "skey"), use_fips_endpoint: true, force_path_style: false)
resp = client.head_bucket({ bucket: "my-bucket" })

Possible Solution

Probably discovery as described here can help: hashicorp/terraform-provider-aws#14217

Additional Information/Context

No response

Gem name ('aws-sdk', 'aws-sdk-resources' or service gems like 'aws-sdk-s3') and its version

aws-sdk-s3

Environment details (Version of Ruby, OS environment)

Red Hat Enterprise Linux 7, Ruby 2.6.7

@akostadinov akostadinov added bug This issue is a bug. needs-triage This issue or PR still needs to be triaged. labels Jun 22, 2022
@alextwoods
Contributor

What's the actual bucket name you're using?

The issue here, I believe, is that in the FIPS regions, the bucket needs to be the endpoint host prefix, but the URI in your stack trace doesn't have the bucket name. With a DNS-compatible bucket, I see the correct behavior, e.g.:

s3 = Aws::S3::Client.new(use_fips_endpoint: true, http_wire_trace: true)
s3.head_bucket(bucket: 'my-bucket')

# wire trace
# opening connection to my-bucket.s3-fips.us-west-1.amazonaws.com:443...

However, our bucket_dns plugin will check for DNS-compatible bucket names, and only move the bucket name to the endpoint prefix when it is: https://github.com/aws/aws-sdk-ruby/blob/version-3/gems/aws-sdk-s3/lib/aws-sdk-s3/plugins/bucket_dns.rb#L44, e.g.:

s3 = Aws::S3::Client.new(use_fips_endpoint: true, http_wire_trace: true)
s3.head_bucket(bucket: 'my.bucket')

# wire trace
# opening connection to s3-fips.us-west-1.amazonaws.com:443...
[Aws::S3::Client 0 2.200636 3 retries] head_bucket(bucket:"my.bucket") Aws::Errors::NoSuchEndpointError Encountered a `SocketError` while attempting to connect to:

  https://s3-fips.us-west-1.amazonaws.com/my.bucket

@alextwoods alextwoods removed the needs-triage This issue or PR still needs to be triaged. label Jun 22, 2022
@mullermp
Contributor

s3_us_east_1_regional_endpoint defaults to legacy. For us-east-1, the legacy url (s3.amazonaws.com) is being used. You'll need to configure s3_us_east_1_regional_endpoint: regional. Also force_path_style defaults to false already.

@akostadinov
Author

Later I figured out s3_us_east_1_regional_endpoint, thank you. Perhaps it should default to regional when fips endpoints are used? Because global endpoints don't work anyway:

$ nslookup bucketname.s3-fips.amazonaws.com
Server:		127.0.0.1
Address:	127.0.0.1#53

** server can't find bucketname.s3-fips.amazonaws.com: NXDOMAIN

I think the key for my issue is DNS compatible bucket. Yes - my bucket name has dots. Thank you for pointing this out!

Maybe an error should be thrown when using fips endpoints with a dotted bucket? Or maybe a few notes about using fips endpoints in documentation can help.

Thank you again.

@mullermp mullermp added documentation This is a problem with documentation. guidance Question that needs advice or information. and removed bug This issue is a bug. labels Jun 23, 2022
@akostadinov
Author

I wanted to add a note about s3_us_east_1_regional_endpoint and bucket names with dots in the S3::Client documentation but I don't see where it comes from. I think this would help a lot to avoid confusion for any users.

Of course even better is to set this option automatically for fips endpoint.

Also an option to force domain style URLs would be very useful. For people that decide or need to go that route, for example with a custom CA validation.
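
Added example, not part of the original thread and not aws-sdk-ruby code: a preflight check that predicts the host a FIPS-enabled S3 client would connect to and flags the two pitfalls identified above (the legacy us-east-1 endpoint and bucket names that are not DNS compatible). The hostname shapes are taken from the wire traces and error output quoted in this thread; `plan_fips_endpoint`, `virtual_host_compatible?` and the problem symbols are hypothetical names, and the bucket-name test is a simplified stand-in for the SDK's `bucket_dns` check.

```ruby
# Added example (assumption-labelled): not the SDK's own endpoint resolution.
# It mirrors only the behaviour shown in this thread's traces.

FipsPlan = Struct.new(:host, :addressing, :problems)

# Simplified stand-in for the bucket_dns check: over TLS the bucket is moved
# into the hostname only when it is a single DNS label (3-63 chars, no dots).
def virtual_host_compatible?(bucket)
  bucket.match?(/\A[a-z0-9][a-z0-9-]{1,61}[a-z0-9]\z/)
end

# Predict the connection host for a client created with use_fips_endpoint: true.
def plan_fips_endpoint(region:, bucket:, s3_us_east_1_regional_endpoint: 'legacy')
  problems = []

  base =
    if region == 'us-east-1' && s3_us_east_1_regional_endpoint == 'legacy'
      # Host seen in the stack trace; it did not resolve (getaddrinfo / NXDOMAIN).
      problems << :legacy_global_endpoint_has_no_fips_host
      's3-fips.amazonaws.com'
    else
      # Shape seen in the wire trace: s3-fips.<region>.amazonaws.com
      "s3-fips.#{region}.amazonaws.com"
    end

  if virtual_host_compatible?(bucket)
    FipsPlan.new("#{bucket}.#{base}", :virtual_hosted, problems)
  else
    # Dotted names stay in the path, which is the failing case reported here.
    problems << :bucket_name_not_dns_compatible
    FipsPlan.new(base, :path_style, problems)
  end
end

# Constructed sample configurations (bucket names are placeholders).
SAMPLE_CONFIGS = [
  { region: 'us-east-1', bucket: 'my.bucket' },
  { region: 'us-east-1', bucket: 'my-bucket' },
  { region: 'us-east-1', bucket: 'my-bucket',
    s3_us_east_1_regional_endpoint: 'regional' },
  { region: 'us-west-1', bucket: 'my.bucket' },
  { region: 'us-west-1', bucket: 'my-bucket' }
].freeze

# Returns [config, plan] pairs so callers can fail a deploy on any problem.
def audit(configs)
  configs.map { |cfg| [cfg, plan_fips_endpoint(**cfg)] }
end

if __FILE__ == $PROGRAM_NAME
  audit(SAMPLE_CONFIGS).each do |cfg, plan|
    status = plan.problems.empty? ? 'ok' : "CHECK #{plan.problems.join(', ')}"
    puts format('%-10s %-10s %-14s %-44s %s',
                cfg[:region], cfg[:bucket], plan.addressing, plan.host, status)
  end
end
```

Running a check like this at deploy time surfaces the misconfiguration before the first upload fails with a name-resolution error.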

@github-actions

⚠️COMMENT VISIBILITY WARNING⚠️

Comments on closed issues are hard for our team to see.
If you need more assistance, please either tag a team member or open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue feel free to do so.
