support for IMDS v2 only

[xanhuang]

Description

I run a set of userdata commands to spin up Graph Explorer in an EC2.
Auth is via IAM auth and EC2 have the necessary IAM role attached.

#!/bin/bash
cd /home/ec2-user
TOKEN=`curl -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 21600"` 
EC2_IP=$(curl -H "X-aws-ec2-metadata-token: $TOKEN" -v http://169.254.169.254/latest/meta-data/public-ipv4)
EC2_HOSTNAME="https://"$EC2_IP
echo $EC2_HOSTNAME
yum update -y
yum install git docker -y
git clone https://github.com/aws/graph-explorer/
systemctl start docker
docker buildx build graph-explorer -t "graph-explorer" 
docker run -p 80:80 -p 443:443 --env HOST=$EC2_HOSTNAME --env PUBLIC_OR_PROXY_ENDPOINT=$EC2_HOSTNAME --env GRAPH_TYPE=gremlin --env USING_PROXY_SERVER=true --env IAM=true --env AWS_REGION=us-east-1 --env GRAPH_CONNECTION_URL=https://[redacted].us-east-1.neptune.amazonaws.com:8182 --env PROXY_SERVER_HTTPS_CONNECTION=true --env GRAPH_EXP_FETCH_REQUEST_TIMEOUT=240000 graph-explorer

This setup has been working well for months but recently it started to fail with this error:

[01:57:58.914] ERROR (40): Could not load credentials from any providers
    err: {
      "type": "CredentialsProviderError",
      "message": "Could not load credentials from any providers",
      "stack":
          CredentialsProviderError: Could not load credentials from any providers
              at /graph-explorer/node_modules/.pnpm/@[email protected]_@[email protected]_@aws-sdk+client-st_jgfgvmcemvjj3jgtiyicg7kanm/node_modules/@aws-sdk/credential-provider-node/dist-cjs/index.js:136:13
              at /graph-explorer/node_modules/.pnpm/@[email protected]/node_modules/@smithy/property-provider/dist-cjs/index.js:97:33
              at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
              at async coalesceProvider (/graph-explorer/node_modules/.pnpm/@[email protected]/node_modules/@smithy/property-provider/dist-cjs/index.js:124:18)
              at async /graph-explorer/node_modules/.pnpm/@[email protected]/node_modules/@smithy/property-provider/dist-cjs/index.js:142:18
              at async getIAMHeaders (file:///graph-explorer/packages/graph-explorer-proxy-server/dist/node-server.js:21:19)
              at async retryFetch (file:///graph-explorer/packages/graph-explorer-proxy-server/dist/node-server.js:36:26)
              at async fetchData (file:///graph-explorer/packages/graph-explorer-proxy-server/dist/node-server.js:96:26)
      "name": "CredentialsProviderError",
      "tryNextLink": false
    }

Graph Explorer could not synchronise with Neptune Database as a result.

Environment

• OS: Amazon Linux 2
• Browser: Any browser
• Graph Explorer Version: latest or 1.10.1
• Graph Database & Version: 1.3.2.1

Expected Behavior

To use IAM auth from EC2 and connect to Neptune Database.

---

Important

If you are interested in working on this issue or have submitted
a pull request, please leave a comment.

Tip

Please use a 👍 reaction to provide a +1/vote.

This helps the community and maintainers prioritize this request.

[xanhuang]

Got it to work again if i update my EC2 Instance to run on imds v1 and v2. If only v2 is allowed, this will break.

Can this be fixed please?

[kmcginnes]

Related to

• [Feature Request] Ensure graph-explorer supports IMDSv2-only when deployed to an EC2 instance #119