Closed
Description
Acknowledgements
- I have searched (https://github.com/aws/aws-sdk/issues?q=is%3Aissue) for past instances of this issue
- I have verified all of my SDK modules are up-to-date (you can perform a bulk update with
go get -u github.com/aws/aws-sdk-go-v2/...)
Describe the bug
No error message is displayed when some ECS operations depending on ecs.awsAwsjson11_deserializeErrorAccessDeniedException fail due to AccessDeniedException.
Regression Issue
- Select this option if this issue appears to be a regression.
Expected Behavior
An error message is displayed:
panic: operation error ECS: CreateService, https response error StatusCode: 400, RequestID: 4b95afb3-25ab-48dc-a2ba-1a9e4c0ecbda, AccessDeniedException: User: arn:aws:sts::xxxxxxxxx:assumed-role/xxxxxxxxxxx is not authorized to perform: ecs:CreateService on resource: arn:aws:ecs:ap-northeast-1:xxxxxxxxxxxxx:service/default/xxxxxxxx because no identity-based policy allows the ecs:CreateService action
goroutine 1 [running]:
main.main()
example.com/test/main.go:23 +0x184
Current Behavior
No error message is displayed:
panic: operation error ECS: CreateService, https response error StatusCode: 400, RequestID: 2ed99e65-d0e9-463f-97c9-8b8cd34ffedf, AccessDeniedException:
goroutine 1 [running]:
main.main()
example.com/test/main.go:23 +0x184
Reproduction Steps
- Prepare an IAM user or role that doesn't have the permission
ecs:CreateService - Run the following file with the user or role:
- Note that you have to change the ARN of task definition.
package main
import (
"context"
"github.com/aws/aws-sdk-go-v2/aws"
"github.com/aws/aws-sdk-go-v2/config"
"github.com/aws/aws-sdk-go-v2/service/ecs"
)
func main() {
cfg, err := config.LoadDefaultConfig(context.Background())
if err != nil {
panic(err)
}
client := ecs.NewFromConfig(cfg)
_, err = client.CreateService(context.Background(), &ecs.CreateServiceInput{
ServiceName: aws.String("xxxxx"),
TaskDefinition: aws.String("arn:aws:ecs:ap-northeast-1:xxxxxxxxxx:task-definition/xxxxxx"),
})
if err != nil {
panic(err)
}
}Possible Solution
The commit abicky@a8afd4a resolves the issue.
It includes the changes made by make all after I changed codegen/sdk-codegen/aws-models/ecs.json without the following unrelated change:
diff --git a/feature/dynamodbstreams/attributevalue/go_module_metadata.go b/feature/dynamodbstreams/attributevalue/go_module_metadata.go
index d2c5ca8ee0..04358c081d 100644
--- a/feature/dynamodbstreams/attributevalue/go_module_metadata.go
+++ b/feature/dynamodbstreams/attributevalue/go_module_metadata.go
@@ -3,4 +3,4 @@
package attributevalue
// goModuleVersion is the tagged release for this module
-const goModuleVersion = "1.14.45"
+const goModuleVersion = "1.15.13"Additional Information/Context
No response
AWS Go SDK V2 Module Versions Used
module example.com/test
go 1.23.2
require (
github.com/aws/aws-sdk-go-v2 v1.32.3
github.com/aws/aws-sdk-go-v2/config v1.28.1
github.com/aws/aws-sdk-go-v2/service/ecs v1.48.1
)
require (
github.com/aws/aws-sdk-go-v2/credentials v1.17.42 // indirect
github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.18 // indirect
github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.22 // indirect
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.22 // indirect
github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1 // indirect
github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.0 // indirect
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.3 // indirect
github.com/aws/aws-sdk-go-v2/service/sso v1.24.3 // indirect
github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.3 // indirect
github.com/aws/aws-sdk-go-v2/service/sts v1.32.3 // indirect
github.com/aws/smithy-go v1.22.0 // indirect
github.com/jmespath/go-jmespath v0.4.0 // indirect
)
Compiler and Version used
go version go1.23.2 darwin/arm64
Operating System and version
Darwin Takeshis-MacBook-Air.local 23.5.0 Darwin Kernel Version 23.5.0: Wed May 1 20:14:59 PDT 2024; root:xnu-10063.121.3~5/RELEASE_ARM64_T8122 arm64