[gdal-dev] errors using IAM instance profile auth in s3

Even Rouault even.rouault at spatialys.com
Sat Nov 19 06:48:58 PST 2022


Yes, a 206 response code means success here as we are requesting only 
bytes 0-16383. So maybe the file is not a valid TIFF ?

( "grid-dev-publiclidar" must not be so public I guess, because when 
trying with my credentials, I get a Access Denied)

Le 19/11/2022 à 15:40, michael.smith.erdc at gmail.com a écrit :
> I’m seeing that it’s getting a 206 response code, so wouldn’t that 
> indicate auth is working?
>
>  gdalinfo /vsis3/grid-dev-publiclidar/estonia/dtm/estonia_dtm_5m.tif
> HTTP: Fetch(http://169.254.169.254/latest/api/token)
> HTTP: libcurl/7.86.0 OpenSSL/3.0.7 zlib/1.2.13 libssh2/1.10.0 
> nghttp2/1.47.0
> HTTP: These HTTP headers were set: 
> X-aws-ec2-metadata-token-ttl-seconds: 10
> HTTP: 
> Fetch(http://169.254.169.254/latest/meta-data/iam/security-credentials/)
> HTTP: 
> Fetch(http://169.254.169.254/latest/meta-data/iam/security-credentials/iam-grid-s3)
> AWS: Storing AIM credentials until 2022-11-19T20:42:58Z
> S3: Downloading 0-16383 
> (https://grid-dev-publiclidar.s3.amazonaws.com/estonia/dtm/estonia_dtm_5m.tif)...
> S3: Got response_code=206
> gdalinfo failed - unable to open 
> '/vsis3/grid-dev-publiclidar/estonia/dtm/estonia_dtm_5m.tif'.
>
>
> Mike
>
>
>
>> On Nov 19, 2022, at 9:26 AM, Even Rouault 
>> <even.rouault at spatialys.com> wrote:
>>
>> Hi Mike,
>>
>> could you send the output of
>>
>> curl 
>> http://169.254.169.254/latest/meta-data/iam/security-credentials/iam-grid-s3
>>
>> Slightly redacted of course, but with the exact formatting. This part 
>> of thee code currently uses a "simple JSON parser" 
>> (https://github.com/OSGeo/gdal/blob/c61d116a469821b769630a112dee7f1a61fed885/port/cpl_aws.cpp#L554), 
>> which is actually just a non JSON-aware string tokenizer, and I 
>> suspect it could be defeated by a new formatting of S3 or something 
>> specific to your credentials.
>>
>> It could also be that something unhandled by that parser appears 
>> inside quoted strings, like an escaped double quote or some other 
>> JSON escaped character (like an escaped forward slash \/ )
>>
>> If that was the case we should likely switch to proper JSON 
>> deserialization (that part of the code must predate libjson-c being a 
>> build requirement of GDAL).
>>
>> Even
>>
>>
>> -- 
>> http://www.spatialys.com
>> My software is free, but my time generally not.
>>
-- 
http://www.spatialys.com
My software is free, but my time generally not.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osgeo.org/pipermail/gdal-dev/attachments/20221119/941cc51d/attachment.htm>


More information about the gdal-dev mailing list