Reputation: 931
I was authenticating with an internal IDP and then using the SAML assertion to assume a role with the boto3 sts client. Interaction with the IDP was fine and I was able to generate the SAML assertion after successful authentication, but when I tried to generate the sts client "client = boto3.client('sts')", botocore threw an Invalid header value error.
The error was coming from our egress proxy server.
  File "/usr/local/lib/python3.8/dist-packages/aws_authentication/credentials.py", line 219, in decode_saml_assertion
    client = boto3.client('sts')
  File "/usr/local/lib/python3.8/dist-packages/boto3/__init__.py", line 93, in client
    return _get_default_session().client(*args, **kwargs)
  File "/usr/local/lib/python3.8/dist-packages/boto3/session.py", line 258, in client
    return self._session.create_client(
  File "/usr/local/lib/python3.8/dist-packages/botocore/session.py", line 826, in create_client
    credentials = self.get_credentials()
  File "/usr/local/lib/python3.8/dist-packages/botocore/session.py", line 430, in get_credentials
    self._credentials = self._components.get_component(
  File "/usr/local/lib/python3.8/dist-packages/botocore/credentials.py", line 1975, in load_credentials
    creds = provider.load()
  File "/usr/local/lib/python3.8/dist-packages/botocore/credentials.py", line 1028, in load
    metadata = fetcher.retrieve_iam_role_credentials()
  File "/usr/local/lib/python3.8/dist-packages/botocore/utils.py", line 486, in retrieve_iam_role_credentials
    role_name = self._get_iam_role(token)
  File "/usr/local/lib/python3.8/dist-packages/botocore/utils.py", line 518, in _get_iam_role
    return self._get_request(
  File "/usr/local/lib/python3.8/dist-packages/botocore/utils.py", line 427, in _get_request
    response = self._session.send(request.prepare())
  File "/usr/local/lib/python3.8/dist-packages/botocore/httpsession.py", line 356, in send
    raise HTTPClientError(error=e)
botocore.exceptions.HTTPClientError: An HTTP Client raised an unhandled exception: Invalid header value b'---- proxy error response ----'
Upvotes: 0
Views: 943
Reputation: 931
This issue occurred because the _fetch_metadata_token function in the botocore package connects to the URL http://169.254.169.254/latest/api/token to fetch the metadata token.
To connect to 169.254.169.254 successfully, I added it to no_proxy so that the egress proxy server doesn't block the connection.
no_proxy=localhost,169.254.169.254
After adding metadata endpoint 169.254.169.254 to no_proxy, I was able to connect to sts and generate the client.
Upvotes: 1
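An added example, not part of the original answer or of botocore: a pre-flight check that reports whether a request to the metadata token URL would be sent to the proxy under a given environment. It uses the standard library's no_proxy matching as an approximation of the HTTP client's own; the function names and the proxy URL are assumptions made for illustration.

```python
import os
from urllib.parse import urlsplit
from urllib.request import proxy_bypass_environment

# URL quoted in the answer above: the metadata token endpoint botocore calls.
IMDS_TOKEN_URL = "http://169.254.169.254/latest/api/token"


def _env_proxies(env):
    """Collect http/https/no proxy settings from an environment mapping."""
    proxies = {}
    for scheme in ("http", "https", "no"):
        # Accept both spellings, e.g. http_proxy and HTTP_PROXY.
        for name in (f"{scheme}_proxy", f"{scheme.upper()}_PROXY"):
            value = env.get(name)
            if value:
                proxies[scheme] = value
                break
    return proxies


def imds_proxy_status(env=None, url=IMDS_TOKEN_URL):
    """Return 'direct', 'bypassed' or 'proxied' for a request to url."""
    env = os.environ if env is None else env
    proxies = _env_proxies(env)
    parts = urlsplit(url)
    if parts.scheme not in proxies:
        return "direct"      # no proxy configured for this scheme
    if proxy_bypass_environment(parts.netloc, proxies):
        return "bypassed"    # no_proxy covers the metadata host
    return "proxied"         # the request would go to the egress proxy


if __name__ == "__main__":
    # Constructed sample environments; the proxy URL is a placeholder.
    before = {"http_proxy": "http://proxy.example.internal:3128",
              "no_proxy": "localhost"}
    after = dict(before, no_proxy="localhost,169.254.169.254")
    for label, env in (("before fix", before), ("after fix", after)):
        print(label, "->", imds_proxy_status(env))
    print("current environment ->", imds_proxy_status())
```

A result of "proxied" means the link-local metadata request, including the token exchange, would leave the host toward the proxy, which is the condition the no_proxy entry removes.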