Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ec2 create-vpc-endpoint fails to create an AWS service interface endpoint when both the full service-name and service-region are specified #9216

Open
1 task
marcus-jameson opened this issue Jan 16, 2025 · 0 comments
Open
1 task

ec2 create-vpc-endpoint fails to create an AWS service interface endpoint when both the full service-name and service-region are specified #9216

marcus-jameson opened this issue Jan 16, 2025 · 0 comments
Labels
bug This issue is a bug. needs-triage This issue or PR still needs to be triaged.

Comments

@marcus-jameson
Copy link

Describe the bug

When attempting to create a VPC endpoint of type Interface for an AWS service the operation fails when both service-name and service-region are specified, even if they are in alignment.

Regression Issue

  • Select this option if this issue appears to be a regression.

Expected Behavior

When creating a VPC interface endpoint for an AWS service, if both service-name and service-region are included in the request and both reference the same region the request should not be blocked by the presence of service-region. Alternatively, if the intended behavior is to discourage the use of these options in combination then either the call should fail with a message that is more helpful than "An internal error has occurred" and ideally the documentation should be updated to mention the conflict between these two options.

Current Behavior

Example command with redacted resource IDs:

aws ec2 create-vpc-endpoint --profile=example \
  --vpc-endpoint-type Interface \
  --vpc-id vpc-0000000000000000 \
  --service-name com.amazonaws.eu-west-1.sts \
  --subnet-ids subnet-0000000000000000 \
  --security-group-id sg-0000000000000000 \
  --tag-specifications "ResourceType=vpc-endpoint,Tags=[{Key=Name,Value=example}]" \
  --service-region=eu-west-1

Result:

An error occurred (InternalError) when calling the CreateVpcEndpoint operation (reached max retries: 2): An internal error has occurred

The full output from this command (with resource IDs & security tokens redacted) run in debug mode is included in the attached file, debug-logs.txt.

Reproduction Steps

The only prerequisites are access to an AWS account with a default VPC and IAM access to create the VPC endpoint. The error can be created with a minimal setup referencing the default VPC. Using eu-west-1 as an example region:

aws ec2 create-vpc-endpoint --profile=example \
  --vpc-endpoint-type Interface \
  --vpc-id vpc-0000000000000000 \
  --service-name com.amazonaws.eu-west-1.sts \
  --service-region=eu-west-1

Possible Solution

No response

Additional Information/Context

No response

CLI version used

aws-cli/2.23.0 Python/3.12.8 Darwin/24.2.0 source/arm64

Environment details (OS name and version, etc.)

macOS 15.2
@marcus-jameson marcus-jameson added bug This issue is a bug. needs-triage This issue or PR still needs to be triaged. labels Jan 16, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug This issue is a bug. needs-triage This issue or PR still needs to be triaged.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@marcus-jameson