
Using aws-sdk-cpp, I created an AWS client to access an S3 bucket. It works with standard AWS Regions, but not with AWS GovCloud (US). Note that we only pass the bucket name and region (us-gov-west-1) to the SDK, without specifying any endpoint. How can we make the SDK use the correct endpoint for regions associated with AWS GovCloud?

Thanks a lot!

```
Aws::Client::ClientConfiguration config = get_client_config(input_cfg);
// get_client_config() sets proxy, region, timeout, caFile, useDualStack, etc.
bool useVirtualAddressing = true;
Aws::Auth::AWSCredentials credentials;
// credentials is set
Aws::S3::S3Client s3Client(credentials, config, Aws::Client::AWSAuthV4Signer::PayloadSigningPolicy::Never, useVirtualAddressing);
```

List objects:

```
Aws::S3::Model::ListObjectsV2Request requestV2;
requestV2.WithBucket(bucketName);
requestV2.WithPrefix(prefix1);
requestV2.SetDelimiter("/");
auto acctOutcome = s3Client.ListObjectsV2(requestV2);
// ...
```

Get object:

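```
Aws::S3::Model::GetObjectRequest object_request;
object_request.SetBucket(bucketName);
object_request.SetKey(objectKey);
// strrchr() returns NULL when the key contains no '/', so guard before adding 1
const char *slash = strrchr(objectKey, '/');
const char *base_fn = slash ? slash + 1 : objectKey;

Aws::S3::Model::GetObjectOutcome objectOutcome =
    s3Client.GetObject(object_request);
// ...
```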

For the bucket and region in AWS GovCloud, the SDK threw an error saying it can't connect to the server. We expect the SDK to automatically detect that the region is in AWS GovCloud and select the correct endpoint.

bzhou
  • I certainly see mention of us-gov-west-1 in the CPP SDK repo so presume it's supported. How are you attempting to override the region? I don't see anything in your post. – jarmod Apr 03 '23 at 16:07
  • Inside get_client_config(): ``` Aws::Client::ClientConfiguration get_client_config(const input_cfg_t *input_cfg) { Aws::Client::ClientConfiguration config; config.region = input_cfg->cfg_aws_region; ... } ``` – bzhou Apr 04 '23 at 17:44
  • I saw ```.s3.dualstack.us-gov-west-1.amazonaws.com``` was resolved to an IP but could not connect to that IP (note that the SDK is running on a system INSIDE AWS cloud). I did try the same on a system outside AWS cloud, and it seems the same endpoint ```.s3.dualstack.us-gov-west-1.amazonaws.com``` is reachable. – bzhou Apr 04 '23 at 17:51
  • Some configured restriction in your VPC networking or routing, assuming you're running on EC2? Do you use an S3 private endpoint for the local region but have no route to other regional S3 endpoints perhaps? – jarmod Apr 04 '23 at 17:58
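
An added example, not part of the original question or comments: the comments report that the dual-stack hostname resolved but the connection failed from inside AWS. This standalone POSIX check builds the dual-stack and IPv4-only virtual-hosted hostnames for a region and reports, for each, whether DNS resolution or the TCP connect to port 443 is the failing step. `s3_host`, `probe` and `example-bucket` are hypothetical names, and the AWS SDK is not used.

```cpp
// Added example: s3_host/probe are hypothetical helpers; no AWS SDK involved.
#include <cerrno>
#include <cstdio>
#include <fcntl.h>
#include <netdb.h>
#include <poll.h>
#include <string>
#include <sys/socket.h>
#include <unistd.h>

// Virtual-hosted-style S3 hostname; useDualStack adds the "dualstack" label.
std::string s3_host(const std::string& bucket, const std::string& region, bool dualstack) {
    return bucket + ".s3." + (dualstack ? "dualstack." : "") + region + ".amazonaws.com";
}
enum class Reach { DnsFailed, ConnectFailed, Ok };

// Resolve host (A and AAAA) and try TCP 443 on each address with a timeout.
Reach probe(const std::string& host, int timeout_ms = 3000) {
    addrinfo hints{}, *res = nullptr;
    hints.ai_socktype = SOCK_STREAM;  // ai_family stays AF_UNSPEC: IPv4 and IPv6
    if (getaddrinfo(host.c_str(), "443", &hints, &res) != 0) return Reach::DnsFailed;
    Reach result = Reach::ConnectFailed;
    for (addrinfo* ai = res; ai && result != Reach::Ok; ai = ai->ai_next) {
        int fd = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
        if (fd < 0) continue;
        fcntl(fd, F_SETFL, fcntl(fd, F_GETFL, 0) | O_NONBLOCK);
        int rc = connect(fd, ai->ai_addr, ai->ai_addrlen);
        if (rc != 0 && errno == EINPROGRESS) {
            pollfd p{fd, POLLOUT, 0};
            int err = 0; socklen_t len = sizeof err;
            // Writable socket with SO_ERROR == 0 means the handshake completed.
            if (poll(&p, 1, timeout_ms) == 1 &&
                getsockopt(fd, SOL_SOCKET, SO_ERROR, &err, &len) == 0 && err == 0)
                rc = 0;
        }
        if (rc == 0) result = Reach::Ok;
        close(fd);
    }
    freeaddrinfo(res);
    return result;
}

int main() {
    const char* names[] = {"DNS failed", "resolved, TCP connect failed", "reachable"};
    const bool modes[] = {true, false};  // dual-stack first, then IPv4-only
    for (bool ds : modes) {              // "example-bucket" is a placeholder name
        std::string h = s3_host("example-bucket", "us-gov-west-1", ds);
        std::printf("%-55s %s\n", h.c_str(), names[static_cast<int>(probe(h))]);
    }
}
```

Run it on the affected host and on a host where the bucket is reachable; a difference between the dual-stack and IPv4-only lines points at routing for one address family or endpoint form rather than at the SDK's region handling.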

0 Answers