Cognito Identity System.IO.InvalidDataException: Cannot determine protocol. When running in docker on Elastic beanstalk

Question

When running my app in a docker container in Elastic beanstalk I am noticing this error. Fetching users and sign-in operations work fine, but attempting to create a new user throws this error.

Developing locally against the same Cognito instance the issue does not occur. I assume this has something to do with retrieving the permissions from the IAM role attached to the elastic beanstalk instance.

The IAM instance profile for the elastic beanstalk instance has the AmazonCognitoPowerUser policy attached. This is the same policy as is attached to the user I am using for local development

Stack trace:

System.IO.InvalidDataException: Cannot determine protocol
at Amazon.Runtime.Internal.Signer.SignRequest(IRequestContext requestContext)
at Amazon.Runtime.Internal.Signer.PreInvoke(IExecutionContext executionContext)
at Amazon.Runtime.Internal.Signer.InvokeAsync[T](IExecutionContext executionContext)
at Amazon.Runtime.Internal.CredentialsRetriever.<InvokeAsync>d__7`1.MoveNext()

Relevant code where the error appears:

private static AmazonCognitoIdentityProviderClient Client => new AmazonCognitoIdentityProviderClient(Amazon.RegionEndpoint.APSoutheast2);

var signUpRequest = new SignUpRequest
        {
            ClientId = AWSCognitoClientId,
            Username = email,
            Password = password
        };

        await Client.SignUpAsync(signUpRequest);

I'm not sure if this is a bug in the sdk or mis-configuration of the elastic beanstalk instance

Answer 1

I was able to resolve it by instantiating the AmazonCognitoIdentityProviderClient with AnonymousAWSCredentials, as was suggested here: https://github.com/aws/aws-sdk-net/issues/937#issuecomment-415454184.

var forgotPasswordRequest = new ForgotPasswordRequest
{
    // ...
};

using (var identityProvider = new AmazonCognitoIdentityProviderClient(new Amazon.Runtime.AnonymousAWSCredentials()))
{
    return identityProvider.ForgotPasswordAsync(forgotPasswordRequest);
}

---

I was running into this issue with Cognito's ForgotPassword / ForgotPasswordAsync .NET SDK.

identityProvider.ForgotPasswordAsync(forgotPasswordRequest);

It was throwing:

System.IO.InvalidDataException: Cannot determine protocol
at Amazon.Runtime.Internal.Signer.SignRequest(IRequestContext requestContext)
at Amazon.Runtime.Internal.Signer.PreInvoke(IExecutionContext executionContext)
at Amazon.Runtime.Internal.Signer.InvokeAsync[T](IExecutionContext executionContext)
...