From 10b1ff8f6950149608ca59ae3f80be662631fd5c Mon Sep 17 00:00:00 2001
From: Michael Golowka <72365+pcman312@users.noreply.github.com>
Date: Mon, 17 May 2021 13:56:35 -0600
Subject: [PATCH] AWS Auth: Update error message to include underlying error (#11638)
---
 builtin/credential/aws/path_login.go | 2 +-
 changelog/11638.txt | 3 +++
 2 files changed, 4 insertions(+), 1 deletion(-)
 create mode 100644 changelog/11638.txt
diff --git a/builtin/credential/aws/path_login.go b/builtin/credential/aws/path_login.go
index 6aeaba6dc..03c63f2e6 100644
--- a/builtin/credential/aws/path_login.go
+++ b/builtin/credential/aws/path_login.go
@@ -1364,7 +1364,7 @@ func (b *backend) pathLoginUpdateIam(ctx context.Context, req *logical.Request,
 if roleEntry.InferredEntityType == ec2EntityType {
 instance, err := b.validateInstance(ctx, req.Storage, entity.SessionInfo, roleEntry.InferredAWSRegion, callerID.Account)
 if err != nil {
- return logical.ErrorResponse(fmt.Sprintf("failed to verify %s as a valid EC2 instance in region %s", entity.SessionInfo, roleEntry.InferredAWSRegion)), nil
+ return logical.ErrorResponse("failed to verify %s as a valid EC2 instance in region %s: %s", entity.SessionInfo, roleEntry.InferredAWSRegion, err), nil
 }
 // build a fake identity doc to pass on metadata about the instance to verifyInstanceMeetsRoleRequirements
diff --git a/changelog/11638.txt b/changelog/11638.txt
new file mode 100644
index 000000000..5ed50652b
--- /dev/null
+++ b/changelog/11638.txt
@@ -0,0 +1,3 @@
+```release-note:improvement
+auth/aws: Underlying error included in validation failure message.
+```
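Review bot: The `err` now appended to the `logical.ErrorResponse(...)` message in the `if err != nil` branch of the path_login.go hunk is sent back to a login caller that has not yet been issued a token. Whatever `validateInstance` wraps therefore becomes client-visible. Its body is outside this hunk, but it presumably surfaces AWS API or storage error text, which could include role ARNs, account identifiers or other details of Vault's own AWS client configuration. I would confirm that every error path in `validateInstance` is safe to disclose and record that contract at the call site, e.g. `// err is returned to the login caller; validateInstance must not wrap internal configuration or credentials in its errors`. If that cannot be guaranteed, log the full error server-side and return only the cases meant for the client. The enclosing `pathLoginUpdateIam` starts and ends outside the hunk, so any later sanitisation of the response is not visible here.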