cloudyr
Disable region selection in list_roles and etc.
Please specify whether your issue is about:
- [x] a possible bug
- [ ] a question about package functionality
- [ ] a suggested code or documentation change, improvement to the code, or feature request
Hi, thanks for the great package.
When I tried the list_roles function, my default region was "ap-southeast-1" and I immediately got this error
> list_roles()
$Code
[1] "SignatureDoesNotMatch"
$Message
[1] "Credential should be scoped to a valid region, not 'ap-southeast-1'. "
...
It turns out that the IAM does not require a region for it is a global setting. We can confirm it by going to the IAM setting on the web console, the region at the top right corner should show "global". The default region us-east-1 should be used in the HTTP request. A temporary workaround for me is to pass the region as an argument
> list_roles(region = "us-east-1")
[[1]]
RoleName: /aws-service-role/eks.amazonaws.com/AWSServiceRoleForAmazonEKS
...
I'm not sure how many functions will have the same issue but I guess list_roles is not the only one. It would be better to not follow the region setting returned by aws.signature::locate_credentials and just set it to "us-east-1". Then the user's default region will not mess up the IAM HTTP request.
Best, Jiefei
This is also an issue for the get_caller_identity() function.
I happened to have AWS_DEFAULT_REGION set as an environment variable and was getting the same error message. hardcoding to get_caller_identity(region="us-east-1") fixed the issue. Unsetting the environment variable first and then calling with no parameters also worked.
#works
aws.iam::get_caller_identity(region="us-east-1")
#alternative option, also works
Sys.unsetenv("AWS_DEFAULT_REGION")
aws.iam::get_caller_identity()
