Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Bug]: iam provider cannot be used in the China region #1575

Open
1 task done
michael9987 opened this issue Nov 25, 2024 · 1 comment
Open
1 task done

[Bug]: iam provider cannot be used in the China region #1575

michael9987 opened this issue Nov 25, 2024 · 1 comment
Labels
bug Something isn't working needs:triage

Comments

@michael9987
Copy link

Is there an existing issue for this?

  • I have searched the existing issues

Affected Resource(s)

provider-aws-iam

Resource MRs required to reproduce the bug

No response

Steps to Reproduce

Create iam users, create iam policies, and bind them

What happened?

{
"eventVersion": "1.10",
"userIdentity": {
"type": "AssumedRole",
"principalId": "xxxxxxx:xxxxxxx",
"arn": "arn:aws-cn:sts::xxxxxxx:assumed-role/prod-infra-crossplane-provider/xxxxxxx",
"accountId": "xxxxxxx",
"accessKeyId": "xxxxxxx",
"sessionContext": {
"sessionIssuer": {
"type": "Role",
"principalId": "xxxxxxx",
"arn": "arn:aws-cn:iam::xxxxxxx:role/prod-infra-crossplane-provider",
"accountId": "xxxxxxx",
"userName": "prod-infra-crossplane-provider"
},
"webIdFederationData": {
"federatedProvider": "arn:aws-cn:iam::xxxxxxx:oidc-provider/oidc.eks.cn-northwest-1.amazonaws.com.cn/id/xxxxxxx",
"attributes": {}
},
"attributes": {
"creationDate": "2024-11-25T08:02:25Z",
"mfaAuthenticated": "false"
}
}
},
"eventTime": "2024-11-25T08:16:59Z",
"eventSource": "iam.amazonaws.com",
"eventName": "ListPolicyVersions",
"awsRegion": "cn-north-1",
"sourceIPAddress": "xxxxxxx",
"userAgent": "APN/1.0 HashiCorp/1.0 Terraform (+https://www.terraform.io) terraform-provider-aws/dev (+https://registry.terraform.io/providers/hashicorp/aws) m/C aws-sdk-go-v2/1.32.2 os/linux lang/go#1.23.2 md/GOOS#linux md/GOARCH#amd64 api/iam#1.37.2 crossplane-provider-aws/v1.17.0 upbound-provider-aws/v1.17.0",
"requestParameters": {
"policyArn": "arn:aws:iam::xxxxxxx:policy/xxxxxxx"
},
"responseElements": null,
"requestID": "b6f94d82-d0fd-4b74-a433-c2a94e55cc8f",
"eventID": "b4235c48-d416-4a27-aa72-db8216a57786",
"readOnly": true,
"eventType": "AwsApiCall",
"managementEvent": true,
"recipientAccountId": "xxxxxxx",
"eventCategory": "Management",
"tlsDetails": {
"tlsVersion": "TLSv1.3",
"cipherSuite": "TLS_AES_128_GCM_SHA256",
"clientProvidedHostHeader": "iam.cn-north-1.amazonaws.com.cn"
}
}

Line 33-34 requestParameters should be "arn:aws-cn:iam"

Relevant Error Output Snippet

No response

Crossplane Version

1.3.1

Provider Version

1.17.0

Kubernetes Version

1.30

Kubernetes Distribution

EKS

Additional Info

No response
@michael9987 michael9987 added bug Something isn't working needs:triage labels Nov 25, 2024
@michael9987
Copy link
Author

This issue seems to have been fixed in the new version, but all iam resources need to be rebuilt to take effect. How can it take effect without rebuilding

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working needs:triage
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@michael9987