Questions tagged with Security, Identity, & Compliance


[URGENT] AWS SSO Failing with botocore.exceptions.ClientError: An error occurred (InternalServerException) when calling the GetRoleCredentials operation (reached max retries: 4): internal error

Hello, starting in the past hour today we cannot log in using SSO from external (standalone) applications; we have made no change on our side. The AWS Management Console works; however, 3rd-party desktop applications are not working. This is an across-the-board issue. When I manually trigger SSO with a test program, I get the exception:

```
botocore.exceptions.ClientError: An error occurred (InternalServerException) when calling the GetRoleCredentials operation (reached max retries: 4): internal error
```

The sequence is based on the AWS examples available and is provided below; it worked perfectly until recent hours. Does anyone experience the same? What is the right channel to provide the information to AWS?

Regards,
Alon

---

```python
#!/usr/bin/env python3
import time
import typing

import boto3.session


def awssso(
    sso_start_url: str,
    sso_region: str,
    sso_account_id: str,
    sso_role_name: str,
    region: str,
    urlopenner: typing.Callable[[str], None] = lambda url: print(
        f"Please open URL: {url}"
    ),
) -> tuple[boto3.session.Session, time.struct_time]:
    session = boto3.session.Session()
    sso_oidc = session.client("sso-oidc", sso_region)

    # Register a public OIDC client and start the device-authorization flow.
    client_creds = sso_oidc.register_client(
        clientName="myapp",
        clientType="public",
    )
    device_authorization = sso_oidc.start_device_authorization(
        clientId=client_creds["clientId"],
        clientSecret=client_creds["clientSecret"],
        startUrl=sso_start_url,
    )
    # The user completes the sign-in in a browser at this URL.
    urlopenner(device_authorization["verificationUriComplete"])

    # Poll CreateToken until the user has authorized, or the device code expires.
    for _ in range(
        device_authorization["expiresIn"] // device_authorization["interval"]
    ):
        time.sleep(device_authorization["interval"])
        try:
            token = sso_oidc.create_token(
                grantType="urn:ietf:params:oauth:grant-type:device_code",
                deviceCode=device_authorization["deviceCode"],
                clientId=client_creds["clientId"],
                clientSecret=client_creds["clientSecret"],
            )
            break
        except sso_oidc.exceptions.AuthorizationPendingException:
            pass
    else:
        raise RuntimeError("Timeout while waiting for authorization")

    # Exchange the SSO access token for temporary credentials of the chosen role.
    role_creds = session.client("sso", sso_region).get_role_credentials(
        roleName=sso_role_name,
        accountId=sso_account_id,
        accessToken=token["accessToken"],
    )["roleCredentials"]
    # "expiration" is in epoch milliseconds.
    role_expiration = time.gmtime(role_creds["expiration"] / 1000)
    return (
        boto3.session.Session(
            region_name=region,
            aws_access_key_id=role_creds["accessKeyId"],
            aws_secret_access_key=role_creds["secretAccessKey"],
            aws_session_token=role_creds["sessionToken"],
        ),
        role_expiration,
    )


def test() -> None:
    session, ttl = awssso(
        sso_start_url="https://<snip>.awsapps.com/start",
        sso_region="us-east-1",
        sso_account_id="<snip>",
        sso_role_name="<snip>",
        region="us-east-1",
    )
    print(f"Identity: {session.client('sts').get_caller_identity()}")
    print(f"TTL: {ttl}")
    for b in session.resource("s3").buckets.all():
        print(b)


if __name__ == "__main__":
    test()
```
2 answers · 1 vote · 35 views · asked 2 months ago
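The exchange the script above drives is the OAuth device-authorization grant (RFC 8628), and a CreateToken poll can answer with more than AuthorizationPending: SlowDown (poll less often), ExpiredToken or AccessDenied (give up), or a transient InternalServerException like the one in the report above (there from GetRoleCredentials, but CreateToken can return it too). The following is an added example, not the poster's script and not boto3 code, of a polling loop that handles each of those states with a deadline and a bounded budget for transient server errors. It runs offline against a constructed fake token endpoint and fake clock; the string error codes (`authorization_pending`, `slow_down`, `internal_error`, ...) and the `TokenError` adapter are assumptions standing in for the corresponding botocore exception classes.

```python
"""RFC 8628 device-authorization polling, exercised against a fake endpoint.

Added example: not the original poster's script and not boto3 code. The fake
endpoint, fake clock and string error codes are constructed stand-ins for the
sso-oidc CreateToken call and its exception classes.
"""
import time
from dataclasses import dataclass
from typing import Callable, Dict


class TokenError(Exception):
    """Assumed adapter: a real caller maps botocore's AuthorizationPending,
    SlowDown, ExpiredToken, AccessDenied and InternalServer exceptions
    onto these string codes."""

    def __init__(self, code: str) -> None:
        super().__init__(code)
        self.code = code


@dataclass
class DeviceAuthorization:
    device_code: str
    interval: int    # seconds between polls (StartDeviceAuthorization "interval")
    expires_in: int  # device-code lifetime in seconds ("expiresIn")


def poll_for_token(
    auth: DeviceAuthorization,
    create_token: Callable[[str], Dict[str, object]],
    sleep: Callable[[float], None] = time.sleep,
    clock: Callable[[], float] = time.monotonic,
    max_transient: int = 4,
) -> Dict[str, object]:
    """Poll create_token(device_code) until a token is issued.

    authorization_pending: user has not finished the browser step, wait one interval
    slow_down:             polling too fast, RFC 8628 s.3.5 says add 5 s to the interval
    internal_error:        transient server failure, retry at most max_transient times
    anything else:         terminal (expired_token, access_denied, ...), re-raise
    The loop also stops once the device code's lifetime has elapsed.
    """
    interval = auth.interval
    deadline = clock() + auth.expires_in
    transient = 0
    while clock() < deadline:
        try:
            return create_token(auth.device_code)
        except TokenError as err:
            if err.code == "authorization_pending":
                pass
            elif err.code == "slow_down":
                interval += 5
            elif err.code == "internal_error":
                transient += 1
                if transient > max_transient:
                    raise
            else:
                raise
        sleep(interval)
    raise TimeoutError("device code expired before the user authorized the client")


# Constructed test doubles so the example runs offline.
TOKEN = {"accessToken": "tok-1", "tokenType": "Bearer", "expiresIn": 28800}


class FakeTokenEndpoint:
    """Scripted CreateToken: each call pops the next outcome, either an error
    code (str) to raise as TokenError or a token dict to return."""

    def __init__(self, script) -> None:
        self.script = list(script)
        self.calls = 0

    def __call__(self, device_code: str) -> Dict[str, object]:
        self.calls += 1
        outcome = self.script.pop(0)
        if isinstance(outcome, str):
            raise TokenError(outcome)
        return outcome


class FakeClock:
    """Monotonic clock that only advances when the poller sleeps."""

    def __init__(self) -> None:
        self.now = 0.0

    def __call__(self) -> float:
        return self.now

    def sleep(self, seconds: float) -> None:
        self.now += seconds


def run_script(script, interval: int = 5, expires_in: int = 600,
               max_transient: int = 4) -> Dict[str, object]:
    """Drive poll_for_token over a scripted endpoint and report the outcome,
    the number of polls made and the (fake) wall time consumed."""
    clock = FakeClock()
    endpoint = FakeTokenEndpoint(script)
    auth = DeviceAuthorization("dev-code", interval, expires_in)
    try:
        result = poll_for_token(auth, endpoint, sleep=clock.sleep, clock=clock,
                                max_transient=max_transient)["accessToken"]
    except TokenError as err:
        result = err.code
    except TimeoutError:
        result = "timeout"
    return {"result": result, "calls": endpoint.calls, "elapsed": clock.now}


if __name__ == "__main__":
    print(run_script(["authorization_pending", "authorization_pending",
                      "slow_down", "authorization_pending", TOKEN]))
    print(run_script(["authorization_pending"] * 3, expires_in=12))
    print(run_script(["internal_error"] * 3, max_transient=2))
    print(run_script(["access_denied"]))
```

With a real client, `create_token` would be a small closure around `sso_oidc.create_token(grantType=..., deviceCode=..., clientId=..., clientSecret=...)` that catches the botocore exception classes and re-raises `TokenError` with the matching code; botocore's own retry settings (`botocore.config.Config(retries=...)`) still govern the transport-level retries that the "reached max retries" message above refers to.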

Request to have SMTP EC2 port 25 and LightSail restrictions removed

**Issue**

I recently started looking into AWS and, after seeing the benefits of the services, I created an account and migrated my WordPress website to an AWS EC2 Plesk instance from GoDaddy. I later found out that I was unable to send email notifications from the Plesk server while trying to create users. So after researching the resolutions I found the link to request AWS to unblock port 25 for this to work. Below was the response.

**Hello, Thank you for submitting your request to have the email sending limit removed from your account and/or for an rDNS update. This account, or those linked to it, have been identified as having at least one of the following:**

* **A history of violations of the AWS Acceptable Use Policy**
* **A history of being not consistently in good standing with billing**
* **Not provided a valid/clear use case to warrant sending mail from EC2**

**Unfortunately, we are unable to process your request at this time; please consider looking into the Simple Email Service. https://aws.amazon.com/ses/ Regards, AWS Trust & Safety**

I replied and made it clear I was a new customer, but received the response below:

**Hello, Thank you for submitting your request to have the email sending limit removed from your account and/or for an rDNS update. After a thorough review, we confirmed our original finding and cannot grant your request. Please consider looking into the Simple Email Service (SES) https://aws.amazon.com/ses/. We cannot assist you further with this issue and we may not respond to additional messages on this subject. Regards, AWS Trust & Safety**

**Question**

Why is AWS being unreasonable? I understand this is a safety matter, but my account is barely 3 months old and I have made a financial commitment to use your services. Truly AWS must respond in this manner if a customer has actually misused the service after a request is granted!! I don't want to use the Simple Email Service (SES) for a small site that doesn't send more than 100 emails a day.

I have just migrated my site now and am not sure how I can resolve this. Please advise!
1 answer · 0 votes · 54 views · asked 2 months ago