Athens is creating unsigned requests to S3 buckets causing 403 errors

[midestefanis]

Describe the bug
I'm running athenas in AWS ECS Fargate with S3 as the storage. I've followed this documentation to configure everything -> https://docs.gomods.io/install/install-on-aws-ecs-fargate/

This are the ENVs in the athenas container:

/ # env
ATHENS_STORAGE_TYPE=s3
HOSTNAME=********.us-west-2.compute.internal
SHLVL=1
HOME=/root
AWS_CONTAINER_CREDENTIALS_RELATIVE_URI=/v2/credentials/*********
AWS_EXECUTION_ENV=AWS_ECS_FARGATE
ECS_AGENT_URI=http://*******/api/eab1a45ef8034d1b9ef8fcb2b96523ad-********
GO111MODULE=on
AWS_DEFAULT_REGION=us-west-2
ECS_CONTAINER_METADATA_URI_V4=http://********/v4/eab1a45ef8034d1b9ef8fcb2b96523ad-****
TERM=xterm-256color
ECS_CONTAINER_METADATA_URI=http://*********/v3/eab1a45ef8034d1b9ef8fcb2b96523ad-*****
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
ATHENS_LOG_LEVEL=debug
AWS_USE_DEFAULT_CONFIGURATION=true
LANG=C.UTF-8
AWS_REGION=us-west-2
ATHENS_S3_BUCKET_NAME=athens-proxy-poc

Error Message

While testing the walktrhough example i've found this problem:

export GOPROXY=http://athens-*******.elb.us-west-2.amazonaws.com,direct
export GO111MODULE=on

go run .
go: github.com/athens-artifacts/samplelib@v1.0.0: reading http://athens-*************.elb.us-west-2.amazonaws.com/github.com/athens-artifacts/samplelib/@v/v1.0.0.mod: 500 Internal Server Error

This is what athens is logging when i get locally that 500 error:

May 09, 2024 at 09:31 (UTC-5:00) | ERROR[2:31PM]: operation error S3: GetObject, https response error StatusCode: 403, RequestID: D947G5NZA99Z9AW8, HostID: ***********, api error AccessDenied: Access Denied http-method=GET http-path=/github.com/athens-artifacts/samplelib/@v/v1.0.0.mod kind=Internal Server Error module= operation=download.VersionModuleHandler ops=[download.VersionModuleHandler pool.GoMod protocol.GoMod s3.GoMod s3.open] request-id=d0448fae-3d67-4aba-89a7-416ce284acd2 version= | eab1a45ef8034d1b9ef8fcb2b96523ad | athens-goproxy

May 09, 2024 at 09:31 (UTC-5:00) | INFO[2:31PM]: incoming request http-method=GET http-path=/github.com/athens-artifacts/samplelib/@v/v1.0.0.mod http-status=500 request-id=d0448fae-3d67-4aba-89a7-416ce284acd2 | eab1a45ef8034d1b9ef8fcb2b96523ad | athens-goproxy

To Reproduce

I've followed this documentation and it's failing for me -> https://docs.gomods.io/install/install-on-aws-ecs-fargate/

Expected behavior
Athens should be able to reach S3 buckets with no errors

Environment (please complete the following information):

• OS: [e.g. Linux 64bit] : Alpine Linux amd64
• Go version : go1.20.14
• Proxy version : v0.14.0
• Storage (fs/mongodb/s3 etc.) : s3

Additional context

I have contacted AWS to help me understand the reason for this 403 and they have told me that it is because the requests to S3 are coming out unsigned, that is, anonymously. AWS reviewed the configuration and they see everything valid, they still do not understand why this happens.

[yongzhang]

The same issue, I guess this is caused by #1950.

[aserzhankou]

Experiencing absolutely the same issue.

@yongzhang is there any estimations when fix #1963 can be released? thanks.

[yongzhang]

Experiencing absolutely the same issue.

@yongzhang is there any estimations when fix #1963 can be released? thanks.

I'm not the maintainer, I'm also waiting someone to review my PR. But you can use v0.13.x at the moment.

[matt0x6F]

@midestefanis thanks for the report!

@yongzhang I've looked at your PR and left a comment.

Apologies for not getting to both of these sooner, I was traveling at the time.