allow IMDSv2 endpoint to fail, fallback to IMDSv1 (#1877)

minio · Aug 23, 2023 · 43bb6bd · 43bb6bd
1 parent 1eac111
commit 43bb6bd
Showing 1 changed file with 7 additions and 1 deletion.
diff --git a/pkg/credentials/iam_aws.go b/pkg/credentials/iam_aws.go
@@ -291,7 +291,13 @@ func getCredentials(client *http.Client, endpoint string) (ec2RoleCredRespBody,
 	// https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configuring-instance-metadata-service.html
 	token, err := fetchIMDSToken(client, endpoint)
 	if err != nil {
-		return ec2RoleCredRespBody{}, err
+		// Return only errors for valid situations, if the IMDSv2 is not enabled
+		// we will not be able to get the token, in such a situation we have
+		// to rely on IMDSv1 behavior as a fallback, this check ensures that.
+		// Refer https://github.com/minio/minio-go/issues/1866
+		if !errors.Is(err, context.DeadlineExceeded) && !errors.Is(err, context.Canceled) {
+			return ec2RoleCredRespBody{}, err
+		}
 	}
 
 	// http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html