AWS CLI : Could not connect to the endpoint URL : "https://sts.amazonaws.com/"
R

4

9

We have trouble executing any command on the Windows AWS CLI. After AWS Configure as follows, almost every command returns the STS access error.

-- AWS Configure
aws_access_key_id=XXXXXXXX
aws_secret_access_key=XXXXXXX
region=ap-northeast-1
output = json

-- command & error message
aws s3 ls
Could not connect to the endpoint URL : "https://sts.amazonaws.com/"

If you went through the same kind of issue, could you kindly tell me what should be reconfigured or added, like any special security group etc.?

Any advice would be appreciated again.

Rachitis answered 10/9, 2018 at 7:35 Comment(6)
Can you ping sts.amazonaws.com? - Sigismondo
Thanks for your comment, @ChrisBInt. No, I can't ping sts.amazonaws.com from EC2 (it can connect to AWS Security Manager in a web browser from my client). - Rachitis
This is only happening when you run from EC2? Is your EC2 instance in a private subnet? If yes then you'll need to add a NAT. - Fauces
Many thanks, @kdgregory. You should be right. Our EC2 is on one of the 5 divided subnets in one VPC. We might need another proper endpoint for HTTP/HTTPS, I suppose. If my understanding is not correct, your further advice would be appreciated... - Rachitis
Are you using WSL2 (Windows Subsystem for Linux) AND connected to a VPN? This is currently an issue: many people can talk to that AWS endpoint from their Windows machine while in WSL2 but can't connect once they start a VPN connection (PulseSecure, Cisco, etc). - Unwished
@Unwished Sorry for the late reply. In our case, we don't use WSL2. But thanks a lot for your valuable information :9 - Rachitis
L
5

To access S3 of another account using VPC endpoint in a closed area, the following addition may be required depending on the version of AWS CLI.

.aws/config

sts_regional_endpoints=regional

https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-files.html#cli-config-sts_regional_endpoints

Leonerd answered 28/12, 2020 at 6:56 Comment(1)
Yes, you can also set an env var AWS_STS_REGIONAL_ENDPOINTS: regional, which also may need AWS_DEFAULT_REGION: us-east-1 in your configmap etc. - Nowhither
D
3

I was having this issue as well. The problem was with my machine. Running ipconfig /renew on my Windows 10 machine solved the problem.

Hopefully this helps someone else some day.

Drakensberg answered 28/5, 2020 at 12:56 Comment(2)
Sorry for my late reply, but sharing your valuable experience is much appreciated :) - Rachitis
Same for me. Classic case of turning WiFi off and on again. Thanks! - Hydroxy
R
0

Thanks to all the kind advice, we could finally manage S3 from the EC2 instance by revising our endpoint -- adding our bucket by name to the endpoint policy.

{
    "Version": "2012-10-17",
    "Id": "XXXXXXXXXXXX",
    "Statement": [
        {
            "Sid": "XXXXXXXXXXX",
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:*",
            "Resource": [
                "arn:aws:s3:::s3-XXXXXX",
                "arn:aws:s3:::s3-XXXXXX/*"
            ]
        }
    ]
}

But we still seem to have some issue connecting to STS (Amazon Security Token Service), maybe due to another cause. Let me ask about it in another thread after my further verification.

Regards

Rachitis answered 13/9, 2018 at 9:27 Comment(0)
P
0

You may need to reconfigure the nameserver to 8.8.8.8. I had a similar issue, and changing the DNS to this address resolved it for me.

  • On Linux, you can edit the /etc/resolv.conf file and add nameserver 8.8.8.8

  • On Windows, go to Control Panel > Network and Sharing Center > Change adapter settings, right-click your network connection, select Properties, then find Internet Protocol Version 4 (TCP/IPv4), click Properties, and set the DNS server to 8.8.8.8

  • On macOS, go to System Preferences > Network, select your network, click Advanced, go to the DNS tab, and add 8.8.8.8

Proline answered 7/9, 2024 at 2:42 Comment(0)
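
Added example (not part of any answer above, and not AWS CLI code): a Python check that separates the causes raised in the answers on this page, namely a DNS failure, no route from the subnet, and the global versus regional STS endpoint. The function names and the simplified handling of `legacy` are assumptions of this example, and the hostname pattern assumes the standard `aws` partition.

```python
import os
import socket

GLOBAL_STS = "sts.amazonaws.com"  # endpoint named in the question's error

def sts_endpoint(region, mode=None):
    """Hostname targeted for STS (standard 'aws' partition assumed)."""
    mode = (mode or os.environ.get("AWS_STS_REGIONAL_ENDPOINTS", "legacy")).lower()
    if mode not in ("legacy", "regional"):
        raise ValueError(f"unknown sts_regional_endpoints value: {mode!r}")
    # Simplification: 'legacy' is treated as always global, which is what the
    # question shows for ap-northeast-1.
    return f"sts.{region}.amazonaws.com" if mode == "regional" else GLOBAL_STS

def probe(host, port=443, timeout=3.0):
    """Classify reachability as 'dns-failure', 'unreachable' or 'ok'."""
    try:
        addrs = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror:
        return "dns-failure"
    for family, socktype, proto, _name, sockaddr in addrs:
        try:
            with socket.socket(family, socktype, proto) as sock:
                sock.settimeout(timeout)
                sock.connect(sockaddr)
                return "ok"
        except OSError:
            continue  # try the next resolved address
    return "unreachable"

def diagnose(region, probe_fn=probe):
    """Probe the global and the regional STS hostnames; return {host: status}."""
    return {sts_endpoint(region, m): probe_fn(sts_endpoint(region, m))
            for m in ("legacy", "regional")}

def recommend(region, results):
    """Map probe results to the fixes proposed in the answers on this page."""
    glob, reg = results[GLOBAL_STS], results[sts_endpoint(region, "regional")]
    if "dns-failure" in (glob, reg):
        return "fix name resolution (DHCP lease / nameserver) before anything else"
    if glob == "ok":
        return "STS is reachable over TCP 443; the endpoint error lies elsewhere"
    if reg == "ok":
        return "set sts_regional_endpoints=regional in .aws/config"
    return "no route on 443: private subnet needs a NAT or a VPC endpoint"

if __name__ == "__main__":
    region = os.environ.get("AWS_DEFAULT_REGION", "ap-northeast-1")
    res = diagnose(region)
    print(res, "->", recommend(region, res))
```

Run it on the host where `aws s3 ls` fails; it only resolves names and opens a TCP connection, so no credentials are involved.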
