Define default region for STS actions to fix regression introduced in…

… 1.24 Fixes #47
jenkinsci · Feb 24, 2019 · 2199ce6 · 2199ce6
1 parent 294c62f
commit 2199ce6
Showing 1 changed file with 23 additions and 2 deletions.
diff --git a/src/main/java/com/cloudbees/jenkins/plugins/awscredentials/AWSCredentialsImpl.java b/src/main/java/com/cloudbees/jenkins/plugins/awscredentials/AWSCredentialsImpl.java
@@ -32,6 +32,8 @@
 import com.amazonaws.auth.AWSStaticCredentialsProvider;
 import com.amazonaws.auth.BasicAWSCredentials;
 import com.amazonaws.auth.BasicSessionCredentials;
+import com.amazonaws.regions.DefaultAwsRegionProviderChain;
+import com.amazonaws.regions.Regions;
 import com.amazonaws.services.ec2.AmazonEC2;
 import com.amazonaws.services.ec2.AmazonEC2Client;
 import com.amazonaws.services.ec2.model.DescribeAvailabilityZonesResult;
@@ -116,12 +118,31 @@ public AWSCredentials getCredentials() {
         if (StringUtils.isBlank(iamRoleArn)) {
             return initialCredentials;
         } else {
+            // Check for available region from the SDK, otherwise specify default
+            String clientRegion;
+            DefaultAwsRegionProviderChain sdkRegionLookup = new DefaultAwsRegionProviderChain();
+            try {
+                clientRegion = sdkRegionLookup.getRegion();
+            }
+            catch(com.amazonaws.SdkClientException e) {
+                if (e.getMessage() == "Unable to load region information from any provider in the chain") {
+                    clientRegion = Regions.DEFAULT_REGION.getName();
+                } else {
+                    throw e;
+                }
+            }
+
             AWSSecurityTokenService client;
             // Handle the case of delegation to instance profile
             if (StringUtils.isBlank(accessKey) && StringUtils.isBlank(secretKey.getPlainText()) ) {
-                client = AWSSecurityTokenServiceClientBuilder.defaultClient();
+                client = AWSSecurityTokenServiceClientBuilder.standard()
+                        .withRegion(clientRegion)
+                        .build();
             } else {
-                client = AWSSecurityTokenServiceClientBuilder.standard().withCredentials(new AWSStaticCredentialsProvider(initialCredentials)).build();
+                client = AWSSecurityTokenServiceClientBuilder.standard()
+                        .withCredentials(new AWSStaticCredentialsProvider(initialCredentials))
+                        .withRegion(clientRegion)
+                        .build();
             }
 
             AssumeRoleRequest assumeRequest = createAssumeRoleRequest(iamRoleArn);