We have connected from an AWS EC2 machine using AWS role-based authentication.
It throws an error on some EC2 machines… some EC2 machines work… But both EC2 machines are able to get temporary role authentication from AWS metadata using the curl command.
Below is the error when I try to use pymongo[aws]:
```
  File "/usr/lib64/python2.7/site-packages/pymongo/pool.py", line 810, in authenticate
    auth.authenticate(credentials, self)
  File "/usr/lib64/python2.7/site-packages/pymongo/auth.py", line 673, in authenticate
    auth_func(credentials, sock_info)
  File "/usr/lib64/python2.7/site-packages/pymongo/auth_aws.py", line 85, in _authenticate_aws
    exc, pymongo_auth_aws.__version__))
pymongo.errors.OperationFailure: temporary MONGODB-AWS credentials could not be obtained (pymongo-auth-aws version 1.0.1)
```
I’ve passed your question on to our engineering team, and we’ve tracked down the line of code throwing the error, but can’t work out why this might be happening. I’d suggest looking further into the differences between your EC2 instances to track down what’s failing.
If you do work out what’s happening - please do let us know here - it would be super-helpful if someone has the same problem in future.
Thanks Mark… I dug deeper into this.
Some of the auth code is doing a “post” call to get the temp token to connect.
And it fails to do that. Looks like AWS is not allowing the “post” call there… If I do a “put” call instead of the post below, it works. Maybe you have to fix this in the pymongo code…
Happy to work more.
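```python
import requests

# _AWS_EC2_URI, _AWS_EC2_PATH and _AWS_HTTP_TIMEOUT are module-level constants
# of the library code this excerpt is taken from.

# Step 1: request a metadata session token (the POST call highlighted in this post).
headers = {'X-aws-ec2-metadata-token-ttl-seconds': '60'}
res = requests.post(_AWS_EC2_URI+'latest/api/token', headers=headers, timeout=_AWS_HTTP_TIMEOUT)
token = res.content
# Step 2: use the token to look up the role name, then that role's temporary credentials.
headers = {'X-aws-ec2-metadata-token': token}
res = requests.get(_AWS_EC2_URI+_AWS_EC2_PATH, headers=headers, timeout=_AWS_HTTP_TIMEOUT)
role = res.text
res = requests.get(_AWS_EC2_URI+_AWS_EC2_PATH+role, headers=headers, timeout=_AWS_HTTP_TIMEOUT)
res_json = res.json()
```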
Thanks Shane for the quick fix… It is working.
But we need this from the Python library directly when I install pymongo[aws]. I am using it inside Docker, so it would be good to fix pymongo[aws] to implement this in our environment.
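The token step discussed in this thread, as an added example (not pymongo's code and not written by anyone in the thread): the IMDSv2 session token is requested with PUT, so the sketch below makes the HTTP method a parameter and runs the whole three-request flow against a constructed local stand-in for the metadata service. `fetch_role_credentials`, `FakeIMDS`, `start_fake_imds` and every returned value are assumptions for illustration, and answering POST with 405 is a modelling choice; on an instance the base URI would be `http://169.254.169.254`.

```python
import json
import threading
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

TOKEN_PATH = "/latest/api/token"
CREDS_PATH = "/latest/meta-data/iam/security-credentials/"
FAKE_CREDS = {"AccessKeyId": "EXAMPLEKEYID", "SecretAccessKey": "constructed", "Token": "constructed"}
# Metadata requests must not traverse an HTTP proxy, so proxy env vars are ignored.
_opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))

def _call(url, method="GET", headers=None, timeout=5):
    req = urllib.request.Request(url, method=method, headers=headers or {})
    with _opener.open(req, timeout=timeout) as res:
        return res.read().decode()

def fetch_role_credentials(base_uri, token_method="PUT"):
    """IMDSv2 flow: session token, then role name, then the role's temporary keys."""
    token = _call(base_uri + TOKEN_PATH, token_method,
                  {"X-aws-ec2-metadata-token-ttl-seconds": "60"})
    auth = {"X-aws-ec2-metadata-token": token}
    role = _call(base_uri + CREDS_PATH, headers=auth).strip()
    return json.loads(_call(base_uri + CREDS_PATH + role, headers=auth))

class FakeIMDS(BaseHTTPRequestHandler):
    """Constructed local stand-in for the metadata service; every value is fake."""
    def _send(self, code, body=""):
        self.send_response(code)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body.encode())
    def do_PUT(self):  # session tokens are issued on PUT
        ok = self.path == TOKEN_PATH
        self._send(200 if ok else 404, "constructed-token" if ok else "")
    def do_POST(self):  # assumption: model the rejected POST as 405
        self._send(405)
    def do_GET(self):
        bodies = {CREDS_PATH: "example-role",
                  CREDS_PATH + "example-role": json.dumps(FAKE_CREDS)}
        if self.headers.get("X-aws-ec2-metadata-token") != "constructed-token":
            return self._send(401)
        self._send(200 if self.path in bodies else 404, bodies.get(self.path, ""))
    def log_message(self, *args):  # keep the demo quiet
        pass

def start_fake_imds():
    server = HTTPServer(("127.0.0.1", 0), FakeIMDS)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, "http://127.0.0.1:%d" % server.server_port
```

Calling `fetch_role_credentials(base, token_method="POST")` against the stand-in raises `urllib.error.HTTPError`, which is the point at which a caller would report that temporary credentials could not be obtained.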