Validate security credentials obtained from Instance Metadata Service

Getting security credentials from Instance Metadata Service fails when an EC2 instance does not have permissions to assume a role. When that happens, we get a very unhelpful error message "Value cannot be null. (Parameter 'awsAccessKeyId')" Do response validation so that we get better exception message. See also aws/aws-cli#2060
opottone · Feb 28, 2024 · 143f296 · 143f296
1 parent 22c8103
commit 143f296
Showing 1 changed file with 4 additions and 1 deletion.
diff --git a/sdk/src/Core/Amazon.Runtime/Credentials/URIBasedRefreshingCredentialHelper.cs b/sdk/src/Core/Amazon.Runtime/Credentials/URIBasedRefreshingCredentialHelper.cs
@@ -85,9 +85,12 @@ protected static T GetObjectFromResponse<T, TC>(Uri uri, IWebProxy proxy, Dictio
                 Amazon.Util.Internal.JsonSerializerContext,
 #endif
                 new()
+            where T : SecurityBase
         {
             string json = GetContents(uri, proxy, headers);
-            return JsonSerializerHelper.Deserialize<T>(json, new TC());
+            var result = JsonSerializerHelper.Deserialize<T>(json, new TC());
+            ValidateResponse(result);
+            return result;
         }
 
         protected static void ValidateResponse(SecurityBase response)