IAM authentication not compatible with GovCloud #100

benbalter · 2015-04-29T19:06:02Z

In https://github.com/fog/fog-aws/blob/master/lib/fog/aws/iam.rb#L233, the IAM implementation assumes the region us us-east-1 for all requets.

#global services that have no region are signed with the us-east-1 region
@signer = Fog::AWS::SignatureV4.new( @aws_access_key_id, @aws_secret_access_key,'us-east-1','iam')

This is not true for AWS GovCloud, the government-specific AWS region.

If the host is set as iam.us-gov.amazonaws.com, a request for Fog::AWS::IAM#roles will return:

Credential should be scoped to a valid region, not 'us-east-1'.

Instead, I'd suggest that the IAM constructor accept a region argument (to mirror other constructors), which defaults to us-east-1, to allow for better GovCloud support.

The text was updated successfully, but these errors were encountered:

geemus · 2015-05-01T16:00:21Z

@benbalter sounds reasonable, I suspect we just hadn't stumbled upon this just yet. Would you be up for working on a pull request to fix this? Thanks!

benbalter · 2015-05-01T17:42:59Z

Would you be up for working on a pull request to fix this?

Sure thing. Done over in #102.

geemus · 2015-05-01T19:59:38Z

Awesome, thanks!

benbalter mentioned this issue May 1, 2015

Allow the IAM constructor to accept a region #102

Merged

geemus closed this as completed in #102 May 1, 2015

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

IAM authentication not compatible with GovCloud #100

IAM authentication not compatible with GovCloud #100

benbalter commented Apr 29, 2015

geemus commented May 1, 2015

benbalter commented May 1, 2015

geemus commented May 1, 2015

IAM authentication not compatible with GovCloud #100

IAM authentication not compatible with GovCloud #100

Comments

benbalter commented Apr 29, 2015

geemus commented May 1, 2015

benbalter commented May 1, 2015

geemus commented May 1, 2015