fix: use us-east-1 STS endpoint for Route53 ACME DNS validation (#5531) #6001
Open
yaswanthkumar1995 wants to merge 2 commits into Infisical:main from
…sical#5531) Route53 ACME certificate requests fail with 'STS is not activated in this region' when the user's AWS account doesn't have STS enabled in us-west-1. Since Route53 is a global service, the region used for STS AssumeRole is irrelevant to Route53 API functionality. Changed the hardcoded AWSRegion.US_WEST_1 to AWSRegion.US_EAST_1 in both route53InsertTxtRecord() and route53DeleteTxtRecord(). The us-east-1 STS endpoint is always active for all AWS accounts by default, so this eliminates the regional activation requirement. Also renamed route54.ts to route53.ts to fix the filename typo.
Collaborator
✅ Snyk checks have passed. No issues have been found so far.
Closes #5531
Context
Route53 ACME certificate requests (via Let's Encrypt) fail with:
This happens because route54.ts hardcodes AWSRegion.US_WEST_1 for the STS AssumeRole call. If the user's AWS account doesn't have STS activated in us-west-1 (common for EU-hosted accounts), the call fails even though Route53 is a global service and works from any region.
The getAwsConnectionConfig() function already defaults to US_EAST_1 (always active for all AWS accounts), but the Route53 DNS provider was overriding it with US_WEST_1.
Changes
route54.ts → route53.ts: Fixed the filename typo (Route53, not Route54)
AWSRegion.US_WEST_1 → AWSRegion.US_EAST_1: Updated both route53InsertTxtRecord() and route53DeleteTxtRecord() to use the global STS endpoint
acme-certificate-authority-fns.ts to reference the renamed file
Steps to verify the change
AssumeRole method
Type
Checklist
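The failure mode this PR describes, as an added example that is not code from the PR or from Infisical: it goes one step beyond the hardcoded-region change by retrying on us-east-1 only when STS reports the region as not activated. `AssumeRoleFn`, `assumeRoleForGlobalService` and `stubAssume` are hypothetical names, and the STS call is injected so the block runs offline.

```typescript
// Added example: AssumeRoleFn, assumeRoleForGlobalService and stubAssume are
// hypothetical names, not Infisical's code. The STS call is injected (runs offline).
type Credentials = { accessKeyId: string; region: string };
type AssumeRoleFn = (region: string, roleArn: string) => Promise<Credentials>;

// The region the PR switches to; the PR states it is always active.
const ALWAYS_ACTIVE_STS_REGION = "us-east-1";

// True when STS rejected the call because the regional endpoint is not activated.
// Matches the STS error code and the message text quoted in the commit message.
function isStsRegionDisabled(err: unknown): boolean {
  const e = err as { name?: string; message?: string } | null;
  return !!e && (e.name === "RegionDisabledException" ||
    /STS is not activated in this region/i.test(e.message ?? ""));
}

// Regions to try, in order: the preferred one first, us-east-1 last, no duplicates.
function stsRegionCandidates(preferred?: string): string[] {
  const out = preferred ? [preferred] : [];
  if (!out.includes(ALWAYS_ACTIVE_STS_REGION)) out.push(ALWAYS_ACTIVE_STS_REGION);
  return out;
}

// Assume a role for a global service such as Route53. Only the region-disabled
// error triggers the retry; any other failure (access denied, bad ARN) is
// rethrown so a real authorization problem is never masked by the fallback.
async function assumeRoleForGlobalService(
  assume: AssumeRoleFn, roleArn: string, preferred?: string
): Promise<Credentials> {
  let lastErr: unknown;
  for (const region of stsRegionCandidates(preferred)) {
    try {
      return await assume(region, roleArn);
    } catch (err) {
      if (!isStsRegionDisabled(err)) throw err;
      lastErr = err;
    }
  }
  throw lastErr;
}

// Constructed stub: an account with STS deactivated in us-west-1.
const stubAssume: AssumeRoleFn = async (region) => {
  if (region === "us-west-1") {
    throw Object.assign(new Error("STS is not activated in this region"), { name: "RegionDisabledException" });
  }
  return { accessKeyId: "EXAMPLE-CONSTRUCTED-KEY-ID", region };
};
```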