Uploaded image for project: 'Bamboo Data Center'
  1. Bamboo Data Center
  2. BAM-15315

Amazon is deprecating SOAP API causing EC2 instances to shut down immediately

    XMLWordPrintable

Details

    • Bug
    • Resolution: Fixed
    • High
    • None
    • 5.7-OD-06-009
    • None
    • None

    Description

      From version 1.6.14.0 onwards of the Amazon EC2 CLI tools, the private key (-K, --private-key) and X.509 certificate (-C, --cert) options are not supported. This means that custom bamboo EC2 instances will shut down within minutes of starting up if they are using those variables.

      You may see the following stack trace on your EC2 instance before it is shut down:

      ==> setupEbsSnapshot.log <==
Unexpected error:
org.codehaus.xfire.fault.XFireFault: General security error; nested exception is: 
java.security.cert.CertificateParsingException: invalid DER-encoded certificate data
at org.codehaus.xfire.fault.XFireFault.createFault(XFireFault.java:89)
at org.codehaus.xfire.client.Invocation.invoke(Invocation.java:83)
at org.codehaus.xfire.client.Invocation.invoke(Invocation.java:114)
at org.codehaus.xfire.client.Client.invoke(Client.java:336)
at org.codehaus.xfire.client.XFireProxy.handleRequest(XFireProxy.java:77)
at org.codehaus.xfire.client.XFireProxy.invoke(XFireProxy.java:57)
at com.sun.proxy.$Proxy12.createVolume(Unknown Source)
at com.amazon.aes.webservices.client.Jec2Impl.createVolume(Jec2Impl.java:2732)
at com.amazon.aes.webservices.client.cmd.CreateVolume.invokeOnline(CreateVolume.java:88)
at com.amazon.aes.webservices.client.cmd.BaseCmd.invoke(BaseCmd.java:1071)
at com.amazon.aes.webservices.client.cmd.CreateVolume.main(CreateVolume.java:98)
Caused by: org.apache.ws.security.WSSecurityException: General security error; nested exception is: 
java.security.cert.CertificateParsingException: invalid DER-encoded certificate data
at com.amazon.aes.webservices.client.CryptoProxy.getCertificates(CryptoProxy.java:76)
at org.apache.ws.security.message.WSSecSignature.prepare(WSSecSignature.java:291)
at com.amazon.aes.webservices.client.Jec2Impl.signRequest(Jec2Impl.java:301)
at com.amazon.aes.webservices.client.Jec2Impl.access$000(Jec2Impl.java:97)
at com.amazon.aes.webservices.client.Jec2Impl$1.invoke(Jec2Impl.java:204)
at org.codehaus.xfire.handler.HandlerPipeline.invoke(HandlerPipeline.java:131)
at org.codehaus.xfire.client.Invocation.invoke(Invocation.java:79)
... 9 more
Caused by: java.security.cert.CertificateParsingException: invalid DER-encoded certificate data
at sun.security.x509.X509CertImpl.parse(X509CertImpl.java:1703)
at sun.security.x509.X509CertImpl.<init>(X509CertImpl.java:301)
at sun.security.provider.X509Factory.engineGenerateCertificate(X509Factory.java:104)
at java.security.cert.CertificateFactory.generateCertificate(CertificateFactory.java:305)
at com.amazon.aes.webservices.client.CryptoProxy.getCertByName(CryptoProxy.java:116)
at com.amazon.aes.webservices.client.CryptoProxy.getCertificates(CryptoProxy.java:74)
... 15 more
ec2-create-volume failed (exit code 0). Output:

      To work around this problem you'll need to use your access key ID (-O, --aws-access-key) and secret access key (-W, --aws-secret-key) in scripts and environment variables instead.

      Attachments

        Activity

          People

            pbruski Przemek Bruski
            mhunter Matthew Hunter
            Votes:
            1 Vote for this issue
            Watchers:
            6 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: