Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CDK CLI does not work through corporate proxy. #645

Closed
arullewis opened this issue Aug 30, 2018 · 17 comments · Fixed by #666
Closed

CDK CLI does not work through corporate proxy. #645

arullewis opened this issue Aug 30, 2018 · 17 comments · Fixed by #666
Labels
bug This issue is a bug.

Comments

@arullewis
Copy link

CDK CLI does not work when the user connected to the internet through the proxy. I get

"connect ECONNREFUSED 54.240.195.235:443" error.

AWS CLI & npm does not have any trouble connecting to the internet. is this a known issue?
@Black742
Copy link

Facing the similar prob when i run the cdk behind the proxy.

Looking up default account ID from STS
Unable to determine the default AWS account (did you configure "aws configure"?): { Error: read ECONNRE
at _errnoException (util.js:992:11)
at TLSWrap.onread (net.js:618:25)
message: 'read ECONNRESET',
code: 'NetworkingError',
errno: 'ECONNRESET',
syscall: 'read',
region: 'us-east-1',
hostname: 'sts.amazonaws.com',
retryable: true,
time: 2018-08-30T07:02:18.784Z }
Setting "aws:cdk:toolkit:default-account" context to undefined

@RomainMuller
Copy link
Contributor

That's a use-case we never had a chance to test with...

In order for us to be able to test/repro/fix, can you tell what OS you're using and which mechanism the proxy is configured by (system-wide, environment variables, ...)?

I suppose we need to specifically configure something to use proxy settings... We'll have to research what exactly, I guess.

@RomainMuller RomainMuller added the bug This issue is a bug. label Aug 30, 2018
@rix0rrr
Copy link
Contributor

rix0rrr commented Aug 30, 2018

Related issues:

aws/aws-sdk-js#108
aws/aws-sdk-js#1619

@rix0rrr
Copy link
Contributor

rix0rrr commented Aug 30, 2018

Oh yeah, looks like we need to do work on our end:

https://aws.amazon.com/blogs/developer/using-the-aws-sdk-for-javascript-from-behind-a-proxy/

Are people feeling strongly about which environment variable to use? I've seen all of these used:

http_proxy
HTTP_PROXY
https_proxy
HTTPS_PROXY

@rix0rrr
Copy link
Contributor

rix0rrr commented Aug 30, 2018

This package wraps the SDK and looks at both https_proxy and HTTPS_PROXY:

https://www.npmjs.com/package/aws-sdk-proxy

Not suggesting we use that package, but we might use the same approach.

@Black742
Copy link

Black742 commented Aug 30, 2018
edited
Loading

As a wordaround have configured the proxy in the sdk.js file and able to make the connect to the sts server through aws-cdk.

filelocation = aws-cdk/lib/api/util/sdk.js

const proxy = require('proxy-agent')
aws_sdk_1.config.update({
httpOptions: {
agent: proxy("http://localhost:3128")
}
});

@arullewis
Copy link
Author

arullewis commented Sep 4, 2018
edited
Loading

@RomainMuller I am using Windows 10 and system wide http proxy settings.

@arullewis
Copy link
Author

filelocation = aws-cdk/lib/api/util/sdk.js

@Black742 - I can not find this location in my node_modules directory. Am i missing something?

@taichi
Copy link
Contributor

taichi commented Sep 4, 2018

i have same issue. i use windows10.
i want to cofingure environment variables .
Environment variables on Windows are not case sesitive.

@Black742
Copy link

Black742 commented Sep 5, 2018

@arullewis U should be able to find the files in the global node modules installed directory..
\AppData\Roaming\npm\node_modules\aws-cdk\lib\api\util\sdk.js

@rix0rrr rix0rrr mentioned this issue Sep 5, 2018
Merged
rix0rrr added a commit that referenced this issue Sep 5, 2018
@rix0rrr
feat(aws-cdk): add proxy support (#666)
0c7bcd8 
A proxy can be specified using the `--proxy` command-line argument, or is automatically read from the `HTTPS_PROXY` or `https_proxy` environment variables.

Also fix recent breakage in the SDK usage of CredentialProviderChain.

Fixes #645.
@mpiroc
Copy link
Contributor

mpiroc commented Sep 6, 2018

@costleya and I both still see this in the latest master. Are you sure it's fixed? Reopening.

Verbose output:

> cdk deploy hello-cdk-1 -v

...

Key must be a buffer
TypeError: Key must be a buffer
    at new Hmac (crypto.js:117:16)
    at Object.createHmac (crypto.js:643:10)
    at Object.hmac (C:\Users\pirocchi\AppData\Roaming\npm\node_modules\aws-cdk\node_modules\aws-sdk\lib\util.js:401:30)
    at Object.getSigningKey (C:\Users\pirocchi\AppData\Roaming\npm\node_modules\aws-cdk\node_modules\aws-sdk\lib\signers\v4_credentials.js:62:8)
    at V4.signature (C:\Users\pirocchi\AppData\Roaming\npm\node_modules\aws-cdk\node_modules\aws-sdk\lib\signers\v4.js:97:36)
    at V4.authorization (C:\Users\pirocchi\AppData\Roaming\npm\node_modules\aws-cdk\node_modules\aws-sdk\lib\signers\v4.js:92:36)
    at V4.addAuthorization (C:\Users\pirocchi\AppData\Roaming\npm\node_modules\aws-cdk\node_modules\aws-sdk\lib\signers\v4.js:34:12)
    at C:\Users\pirocchi\AppData\Roaming\npm\node_modules\aws-cdk\node_modules\aws-sdk\lib\event_listeners.js:225:18
    at finish (C:\Users\pirocchi\AppData\Roaming\npm\node_modules\aws-cdk\node_modules\aws-sdk\lib\config.js:322:7)
    at C:\Users\pirocchi\AppData\Roaming\npm\node_modules\aws-cdk\node_modules\aws-sdk\lib\config.js:340:9

@mpiroc mpiroc reopened this Sep 6, 2018
@rix0rrr
Copy link
Contributor

rix0rrr commented Sep 7, 2018

What kind of permissions are you using while doing this (aws configure/environment variables/a credential plugin)?

I've seen this happen when the wrong kind of permission object is passed to the SDK. Thought I fixed them, but maybe not.

@mpiroc
Copy link
Contributor

mpiroc commented Sep 7, 2018

This turned out to be a PEBKAC--my PATH was pointing to an old build of the CDK.

@mpiroc mpiroc closed this as completed Sep 7, 2018
@arullewis
Copy link
Author

@rix0rrr when can we expect this commit to be released?

@rix0rrr
Copy link
Contributor

rix0rrr commented Sep 11, 2018
edited
Loading

Any day now. Stay tuned

@taichi
Copy link
Contributor

taichi commented Sep 12, 2018
edited
Loading

@rix0rrr Thanks for fixed release. But there is a lack of code modification.

https://github.com/awslabs/aws-cdk/blob/b2227311558e32295d3f9ea127b5a38a4b49d63b/packages/aws-cdk/lib/api/util/sdk.ts#L196

i think right code is below.

const result = await new AWS.STS({ credentials: creds, ...this.defaultClientArgs }).getCallerIdentity().promise();

@rix0rrr
Copy link
Contributor

rix0rrr commented Sep 12, 2018

Oh bully. You are correct.

rix0rrr pushed a commit that referenced this issue Sep 12, 2018
fix(aws-cdk): Fix proxy support for account looup
1bca105 
Make sure that AWS account lookup also uses the proxy.

Fixes a remaining issue from #645.
@rix0rrr rix0rrr mentioned this issue Sep 12, 2018
Merged
rix0rrr added a commit that referenced this issue Sep 12, 2018
@rix0rrr
fix(aws-cdk): Fix proxy support for account lookup (#693)
5468225 
Make sure that AWS account lookup also uses the proxy.

Fixes a remaining issue from #645.
@MrArnoldPalmer MrArnoldPalmer mentioned this issue Jan 14, 2020
Closed
@NGL321 NGL321 mentioned this issue Jul 9, 2020
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug This issue is a bug.
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

feat(aws-cdk): add support for HTTPS_PROXY aws/aws-cdk
6 participants
@taichi @RomainMuller @rix0rrr @mpiroc @arullewis @Black742