Unable to resolve sts.us-east-1.api.aws

[milosgajdos]

Confirm by changing [ ] to [x] below:

• I've gone though Developer Guide and API reference
• I've checked AWS Forums and StackOverflow for answers

Describe the question

We've recently tried updating Go SDK to the latest version but came across a problem related to DNS resolution of STS.
We use dualstack and according to the latest docs UseDualStackoption has been deprecated in favour of UseDualStackEndpoint.

Unfortunately, when we set UseDualStackEndpoint to endpoints.DualStackEndpointStateEnabled we get the following error -- we run this code in EKS:

WebIdentityErr: failed to retrieve credentials
caused by: RequestError: send request failed
caused by: Post "https://sts.us-east-1.api.aws/": dial tcp: lookup sts.us-east-1.api.aws on X.X.X.X53: no such host

Here's a simple program to reproduce this

package main

import (
	"fmt"
	"log"

	"github.com/aws/aws-sdk-go/aws"
	"github.com/aws/aws-sdk-go/aws/session"
	"github.com/aws/aws-sdk-go/service/s3"
)

const (
	region = "us-east-1"
	bucket = "your-bucket"
	key    = "your-s3-key-in-you-bucket"
)

func main() {
	config := &aws.Config{
		Region:                        aws.String("us-east-1"),
		S3ForcePathStyle:              aws.Bool(true),
		CredentialsChainVerboseErrors: aws.Bool(true),
		UseDualStackEndpoint:          endpoints.DualStackEndpointStateEnabled,
	}
	sess, err := session.NewSession(config)
	if err != nil {
		log.Fatal(err)
	}

	svc := s3.New(sess)

	input := &s3.ListObjectsV2Input{
		Bucket: aws.String(bucket),
		Prefix: aws.String(key),
	}

	resp, err := svc.ListObjectsV2(input)
	if err != nil {
		log.Fatal(err)
	}

	fmt.Println(resp)
}

The version of the SDK can be seen int he go.mod shown below:

module dualst

go 1.17

require github.com/aws/aws-sdk-go v1.42.34

require github.com/jmespath/go-jmespath v0.4.0 // indirect

Now, what is interesting is, when instead of setting UseDualStackEndpoint we set UseDualStack to true, things work as expected -- we don't notice any errors.

Now, it might be possible we are missing some EKS config, but it's strange we haven't been seeing these errors when using the old, now deprecated, option.

[KaibaLopez]

Hi @milosgajdos ,
Sorry for the slow response here, what is happening here basically is UseDualStack only applied to s3 where as UseDualStackEndpoint is generic for all services...
It's not the best solution but try this as a workaround:

svc := s3.New(sess, &aws.Config{
		UseDualStackEndpoint:          endpoints.DualStackEndpointStateEnabled,
}

As a side note, is there a reason why you are setting

S3ForcePathStyle:              aws.Bool(true),

Don't think this is affecting your sample just, it tends to be problematic so unless required I'd avoid it.

[milosgajdos]

But that's exactly what I'm doing in my code? Not sure I follow your response @KaibaLopez