Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Route53 list-hosted-zones in China #449

Open
si-robinson opened this issue Nov 9, 2021 · 1 comment
Open

Route53 list-hosted-zones in China #449

si-robinson opened this issue Nov 9, 2021 · 1 comment

Comments

@si-robinson
Copy link

si-robinson commented Nov 9, 2021
edited
Loading

Using version 0.3.152

Trying to (route53/list-hosted-zones (:client-opts this))
Where (:client-opts this) looks like this:

{:endpoint "cn-northwest-1"}

produces :
INFO c.a.i.DefaultServiceEndpointBuilder - {route53, cn-northwest-1} was not found in region metadata, trying to construct an endpoint using the standard pattern for this region: 'route53.cn-northwest-1.amazonaws.com.cn'.

followed by:
Unable to execute HTTP request: route53.cn-northwest-1.amazonaws.com.cn

This would appear to be because Route53 endpoint in China is actually route53.amazonaws.com.cn

Changing client-opts to be

{:endpoint "route53.amazonaws.com.cn"}

results in:
com.amazonaws.services.route53.model.AmazonRoute53Exception: The security token included in the request is invalid.
(I'm assuming because it needs to know which region to use for IAM).

But trying to supply region as well in the client-opts:

{:endpoint "route53.amazonaws.com.cn"
 :region "cn-northwest-1"}

Still results in:
com.amazonaws.services.route53.model.AmazonRoute53Exception: The security token included in the request is invalid.

(I'm using AWS_PROFILEs and have checked that the credentials I'm using have access (they're admin).

I can see that cn-northwest-1 exists in aws-java-sdk-core/com.amazonaws/regions/Regions
And in com.amazonaws.services.route53.model/VPCRegion

So am assuming that for China, you need to override the endpoint and use the region provided?
@si-robinson
Copy link
Author

si-robinson commented Nov 9, 2021
edited
Loading

Actually, going back through my cmds, I can see I tried get-hosted-zone using my AWS_PROFILE, not list-hosted-zones.
list-hosted-zones doesn't work with my profile (despite it being admin), so maybe this just isn't a thing in China?

EDIT: So, it does work in China but you have to supply the region as well as the profile:

aws route53 list-hosted-zones --profile china
An error occurred (InvalidClientTokenId) when calling the ListHostedZones operation: The security token included in the request is invalid.

vs

aws route53 list-hosted-zones --profile china --region cn-northwest-1
{
    "HostedZones": [
        {
          ........

@si-robinson si-robinson changed the title Route53 in China Route53 list-hosted-zones in China Nov 9, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@si-robinson