0

while retrive the vpcpeeringconnection of all regions of aws am getting "AWS was not able to validate the provided access credentials" on newly added region ap-northeast-2 and eu-central-1. other regions working fine.

debug result-------------

    START Discovering region: ap-southeast-2 
    retrieving the VPC peering connections 
    Creating ComputerSystems and Rules for the VPC 'vpc-eac32a8f' 
    The VPC 'vpc-eac32a8f' does not contain any instance hence not creating anything. 
    END Discovering region: ap-southeast-2 
    START Discovering region: eu-central-1 
    retrieving the VPC peering connections 
    AWS problem during 'autodetect' all regions - Problem with the region: eu-central-1.
    com.amazonaws.AmazonServiceException: AWS was not able to validate the provided access credentials (Service: AmazonEC2; Status Code: 401; Error Code: AuthFailure; Request ID: 14e0a60f-8605-4a59-8fd2-8433480f43bf) 
    END Discovering region: eu-central-1 
    START Discovering region: ap-northeast-2 
    retrieving the VPC peering connections 
    AWS problem during 'autodetect' all regions - Problem with the region: ap-northeast-2.
   com.amazonaws.AmazonServiceException: AWS was not able to validate  the provided access credentials (Service: AmazonEC2; Status Code: 401; Error Code: AuthFailure; Request ID: ac03b6a6-1746-4cc3-b12a-d6693079acd4) 
    END Discovering region: ap-northeast-2 
    START Discovering region: ap-northeast-1 
    retrieving the VPC peering connections 
    Creating ComputerSystems and Rules for the VPC 'vpc-f9b65c9c' 
    END Discovering region: ap-northeast-1

am unable to find the solution for this.

Sanjay Kumar
  • 309
  • 2
  • 5
  • 9
  • Check if the instances you're trying to connect are indeed the part of the virtual private cloud vpc-f9b65c9c and the cloud is configured with proper regions - you can do it in AWS console. – dmitryro Jun 17 '16 at 04:36
  • Make sure the new regions are available to your account: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html#using-regions-availability-zones-describe – Karen B Jun 17 '16 at 05:40
  • AmazonEc2Client class creates the request for every region and it got response through DescribeVpcPeeringConnections() method, but it doesnt get the regions "ap-northeast-2","eu-central-1". created request for ap-northeast-2 ----> – Sanjay Kumar Jun 17 '16 at 07:07
  • https://ec2.ap-northeast-2.amazonaws.com / Parameters: ({"Action":["DescribeVpcPeeringConnections"],"Version":["2015-10-01"],"AWSAccessKeyId":["XXXXXXXXXXXXXXXXXXX"],"SignatureVersion":["2"],"Timestamp":["2016-06-17T06:50:23.640Z"],"SignatureMethod":["HmacSHA256"],"Signature":["C3CbRT1nGLZhCZUgQS7Y9MsL2PCM03Kj+F34SRzhZYw="]}Headers: (amz-sdk-retry: 3/236/, User-Agent: aws-sdk-java/1.11.7 Linux/2.6.32-279.el6.x86_64 Java_HotSpot(TM)_64-Bit_Server_VM/24.79-b02/1.7.0_79, amz-sdk-invocation-id: eedb863b-d338-4769-8ba0-b6c5f48132d8, ) – Sanjay Kumar Jun 17 '16 at 07:09

1 Answers1

0

Here is the problem:

"SignatureVersion":["2"]

Signature Version 2 is not supported in regions that initially came into service in 2014 or later, which currently includes ap-northeast-2 and eu-central-1, as well as China.

All regions support Signature Version 4, and newer regions only support V4.

http://docs.aws.amazon.com/general/latest/gr/signature-version-4.html

See also The authorization mechanism you have provided is not supported. Please use AWS4-HMAC-SHA256.

Community
  • 1
  • 1
Michael - sqlbot
  • 169,571
  • 25
  • 353
  • 427
  • 1
    SDKGlobalConfiguration.ENABLE_S3_SIGV4_SYSTEM_PROPERTY method was deprecated, so how should i configure that. is there is any other alternate way. – Sanjay Kumar Jun 20 '16 at 06:46