diff --git a/go.mod b/go.mod index 8d5dad91e..bf6ebcd86 100644 --- a/go.mod +++ b/go.mod @@ -9,7 +9,7 @@ require ( entgo.io/ent v0.14.4 github.com/adrg/xdg v0.4.0 github.com/aws/aws-sdk-go-v2 v1.39.4 - github.com/aws/aws-sdk-go-v2/config v1.31.15 + github.com/aws/aws-sdk-go-v2/config v1.31.15 // indirect github.com/aws/aws-sdk-go-v2/credentials v1.18.19 github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.28.6 github.com/aws/aws-sdk-go-v2/service/sso v1.29.8 diff --git a/pkg/blobmanager/s3/backend.go b/pkg/blobmanager/s3/backend.go index f24ff590e..e9cc150ac 100644 --- a/pkg/blobmanager/s3/backend.go +++ b/pkg/blobmanager/s3/backend.go @@ -26,7 +26,6 @@ import ( "strings" "github.com/aws/aws-sdk-go-v2/aws" - "github.com/aws/aws-sdk-go-v2/config" "github.com/aws/aws-sdk-go-v2/credentials" "github.com/aws/aws-sdk-go-v2/feature/s3/manager" "github.com/aws/aws-sdk-go-v2/service/s3" @@ -72,16 +71,11 @@ func NewBackend(creds *Credentials) (*Backend, error) { return nil, fmt.Errorf("failed to parse bucket name: %w", err) } - // Configure AWS config with v2 SDK - cfg, err := config.LoadDefaultConfig( - context.TODO(), - config.WithRegion(region), - config.WithCredentialsProvider( - credentials.NewStaticCredentialsProvider(creds.AccessKeyID, creds.SecretAccessKey, ""), - ), - ) - if err != nil { - return nil, fmt.Errorf("failed to load AWS config: %w", err) + // Using AWS config directly instead of using config.LoadDefaultConfig + // to avoid the default credential chain and use only the static credentials + cfg := aws.Config{ + Region: region, + Credentials: credentials.NewStaticCredentialsProvider(creds.AccessKeyID, creds.SecretAccessKey, ""), } // Create S3 client with custom options if needed diff --git a/pkg/credentials/aws/secretmanager.go b/pkg/credentials/aws/secretmanager.go index b02956817..4d504a0fd 100644 --- a/pkg/credentials/aws/secretmanager.go +++ b/pkg/credentials/aws/secretmanager.go @@ -1,5 +1,5 @@ // -// Copyright 2023 The Chainloop Authors. +// Copyright 2023-2025 The Chainloop Authors. // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. @@ -24,7 +24,6 @@ import ( "strings" "github.com/aws/aws-sdk-go-v2/aws" - "github.com/aws/aws-sdk-go-v2/config" awscreds "github.com/aws/aws-sdk-go-v2/credentials" "github.com/aws/aws-sdk-go-v2/service/secretsmanager" "github.com/aws/aws-sdk-go-v2/service/sso/types" @@ -67,15 +66,11 @@ func NewManager(opts *NewManagerOpts) (*Manager, error) { logger := servicelogger.ScopedHelper(l, "credentials/aws-secrets-manager") logger.Infow("msg", "configuring secrets-manager", "region", opts.Region, "role", opts.Role, "prefix", opts.SecretPrefix) - config, err := config.LoadDefaultConfig( - context.TODO(), - config.WithRegion(opts.Region), - config.WithCredentialsProvider( - awscreds.NewStaticCredentialsProvider(opts.AccessKey, opts.SecretKey, ""), - ), - ) - if err != nil { - return nil, fmt.Errorf("loading AWS config: %w", err) + // Using AWS config directly instead of using config.LoadDefaultConfig + // to avoid the default credential chain and use only the static credentials + config := aws.Config{ + Region: opts.Region, + Credentials: awscreds.NewStaticCredentialsProvider(opts.AccessKey, opts.SecretKey, ""), } return &Manager{