Aws-cdk: CDK CLI does not work through corporate proxy.

Created on 30 Aug 2018  路  17Comments  路  Source: aws/aws-cdk

CDK CLI does not work when the user connected to the internet through the proxy. I get

"connect ECONNREFUSED 54.240.195.235:443" error.

AWS CLI & npm does not have any trouble connecting to the internet. is this a known issue?

bug
Source
picture arullewis

Most helpful comment

This package wraps the SDK and looks at both https_proxy and HTTPS_PROXY:

https://www.npmjs.com/package/aws-sdk-proxy

Not suggesting we use that package, but we might use the same approach.

picture rix0rrr on 30 Aug 2018
👍2

All 17 comments

Facing the similar prob when i run the cdk behind the proxy.

Looking up default account ID from STS
Unable to determine the default AWS account (did you configure "aws configure"?): { Error: read ECONNRE
at _errnoException (util.js:992:11)
at TLSWrap.onread (net.js:618:25)
message: 'read ECONNRESET',
code: 'NetworkingError',
errno: 'ECONNRESET',
syscall: 'read',
region: 'us-east-1',
hostname: 'sts.amazonaws.com',
retryable: true,
time: 2018-08-30T07:02:18.784Z }
Setting "aws:cdk:toolkit:default-account" context to undefined

Black742 picture Black742 on 30 Aug 2018

That's a use-case we never had a chance to test with...

In order for us to be able to test/repro/fix, can you tell what OS you're using and which mechanism the proxy is configured by (system-wide, environment variables, ...)?

I suppose we need to specifically configure something to use proxy settings... We'll have to research what exactly, I guess.

RomainMuller picture RomainMuller on 30 Aug 2018

Related issues:

https://github.com/aws/aws-sdk-js/issues/108
https://github.com/aws/aws-sdk-js/issues/1619

rix0rrr picture rix0rrr on 30 Aug 2018

Oh yeah, looks like we need to do work on our end:

https://aws.amazon.com/blogs/developer/using-the-aws-sdk-for-javascript-from-behind-a-proxy/

Are people feeling strongly about which environment variable to use? I've seen all of these used:

http_proxy
HTTP_PROXY
https_proxy
HTTPS_PROXY
rix0rrr picture rix0rrr on 30 Aug 2018

This package wraps the SDK and looks at both https_proxy and HTTPS_PROXY:

https://www.npmjs.com/package/aws-sdk-proxy

Not suggesting we use that package, but we might use the same approach.

rix0rrr picture rix0rrr on 30 Aug 2018
👍2

As a wordaround have configured the proxy in the sdk.js file and able to make the connect to the sts server through aws-cdk.

filelocation = aws-cdk/lib/api/util/sdk.js

const proxy = require('proxy-agent')
aws_sdk_1.config.update({
httpOptions: {
agent: proxy("http://localhost:3128")
}
});

Black742 picture Black742 on 30 Aug 2018

@RomainMuller I am using Windows 10 and system wide http proxy settings.

arullewis picture arullewis on 4 Sep 2018

filelocation = aws-cdk/lib/api/util/sdk.js

@Black742 - I can not find this location in my node_modules directory. Am i missing something?

arullewis picture arullewis on 4 Sep 2018

i have same issue. i use windows10.
i want to cofingure environment variables .
Environment variables on Windows are not case sesitive.

taichi picture taichi on 4 Sep 2018

@arullewis U should be able to find the files in the global node modules installed directory..
\AppData\Roaming\npm\node_modules\aws-cdk\lib\api\utilsdk.js

Black742 picture Black742 on 5 Sep 2018

@costleya and I both still see this in the latest master. Are you sure it's fixed? Reopening.

Verbose output:

> cdk deploy hello-cdk-1 -v

...

Key must be a buffer
TypeError: Key must be a buffer
    at new Hmac (crypto.js:117:16)
    at Object.createHmac (crypto.js:643:10)
    at Object.hmac (C:\Users\pirocchi\AppData\Roaming\npm\node_modules\aws-cdk\node_modules\aws-sdk\lib\util.js:401:30)
    at Object.getSigningKey (C:\Users\pirocchi\AppData\Roaming\npm\node_modules\aws-cdk\node_modules\aws-sdk\lib\signers\v4_credentials.js:62:8)
    at V4.signature (C:\Users\pirocchi\AppData\Roaming\npm\node_modules\aws-cdk\node_modules\aws-sdk\lib\signers\v4.js:97:36)
    at V4.authorization (C:\Users\pirocchi\AppData\Roaming\npm\node_modules\aws-cdk\node_modules\aws-sdk\lib\signers\v4.js:92:36)
    at V4.addAuthorization (C:\Users\pirocchi\AppData\Roaming\npm\node_modules\aws-cdk\node_modules\aws-sdk\lib\signers\v4.js:34:12)
    at C:\Users\pirocchi\AppData\Roaming\npm\node_modules\aws-cdk\node_modules\aws-sdk\lib\event_listeners.js:225:18
    at finish (C:\Users\pirocchi\AppData\Roaming\npm\node_modules\aws-cdk\node_modules\aws-sdk\lib\config.js:322:7)
    at C:\Users\pirocchi\AppData\Roaming\npm\node_modules\aws-cdk\node_modules\aws-sdk\lib\config.js:340:9
mpiroc picture mpiroc on 7 Sep 2018

What kind of permissions are you using while doing this (aws configure/environment variables/a credential plugin)?

I've seen this happen when the wrong kind of permission object is passed to the SDK. Thought I fixed them, but maybe not.

rix0rrr picture rix0rrr on 7 Sep 2018

This turned out to be a PEBKAC--my PATH was pointing to an old build of the CDK.

mpiroc picture mpiroc on 7 Sep 2018

@rix0rrr when can we expect this commit to be released?

arullewis picture arullewis on 11 Sep 2018

Any day now. Stay tuned

rix0rrr picture rix0rrr on 11 Sep 2018

@rix0rrr Thanks for fixed release. But there is a lack of code modification.

https://github.com/awslabs/aws-cdk/blob/b2227311558e32295d3f9ea127b5a38a4b49d63b/packages/aws-cdk/lib/api/util/sdk.ts#L196

i think right code is below.

const result = await new AWS.STS({ credentials: creds, ...this.defaultClientArgs }).getCallerIdentity().promise();
taichi picture taichi on 12 Sep 2018

Oh bully. You are correct.

rix0rrr picture rix0rrr on 12 Sep 2018
👍1
Was this page helpful?
0 / 5 - 0 ratings

Related issues

EduardTheThird picture EduardTheThird  路  3Comments
PaulMaddox picture PaulMaddox  路  3Comments
vgribok picture vgribok  路  3Comments
v-do picture v-do  路  3Comments
nzspambot picture nzspambot  路  3Comments