Bug: RDS IAM Authentication Fails in GovCloud due to Region Configuration
Description
When deploying LISA in AWS GovCloud with iamRdsAuth enabled, the RestApi ECS container fails with an invalid token error. The issue occurs in the _get_lambda_role_arn function within rds_auth.py.
Root Cause
The boto3 STS client in the _get_lambda_role_arn function does not specify the region_name parameter, causing it to default to us-east-1. This causes authentication failures in GovCloud environments.
Steps to Reproduce
- Deploy LISA to AWS GovCloud
- Enable
iamRdsAuth setting
- Attempt to start the RestApi ECS container
Expected Behavior
The boto3 STS client should use the correct GovCloud region for authentication.
Current Behavior
The function attempts to reach us-east-1 for STS operations, resulting in invalid token errors.
Environment
- Region: AWS GovCloud
- Feature: IAM RDS Authentication
- Component: RestApi ECS container
Suggested Fix
Modify the _get_lambda_role_arn function in rds_auth.py to explicitly set the region when creating the boto3 STS client.
Bug: RDS IAM Authentication Fails in GovCloud due to Region Configuration
Description
When deploying LISA in AWS GovCloud with
iamRdsAuthenabled, the RestApi ECS container fails with an invalid token error. The issue occurs in the_get_lambda_role_arnfunction withinrds_auth.py.Root Cause
The boto3 STS client in the
_get_lambda_role_arnfunction does not specify theregion_nameparameter, causing it to default tous-east-1. This causes authentication failures in GovCloud environments.Steps to Reproduce
iamRdsAuthsettingExpected Behavior
The boto3 STS client should use the correct GovCloud region for authentication.
Current Behavior
The function attempts to reach
us-east-1for STS operations, resulting in invalid token errors.Environment
Suggested Fix
Modify the
_get_lambda_role_arnfunction inrds_auth.pyto explicitly set the region when creating the boto3 STS client.