Description
It appears like CDK ignores the no_proxy configuration.
I attempted to run CDK on an EC2 instance and I expect it to use the instance profile. I therefore added the flag --ec2creds.
The environment contains the vars http_proxy and https_proxy, which point to the proxy of my organization. This proxy has an explicit black and whitelist. Also on the blacklist are all AWS-related endpoints, and these cannot be queried through the proxy. Therefore the environment var no_proxy contains these, e.g. ...,169.254.169.254,169.254.170.2,...
When cdk --ec2creds -v deploy now is executed it shows it correctly found the proxy var but makes no mention of the no_proxy. I also was not able to find this string anywhere in the codebase.
Reproduction Steps
Quite a bit hard to fully reproduce. Set up an HTTP proxy which blocks 169.254.169.254, 169.254.170.2, etc.
Set http_proxy, https_proxy and no_proxy vars as described above on an EC2 instance.
Then run any cdk command with --ec2creds.
Error Log
Using proxy server: http://my.company.proxy:8080
...
Setting "CDK_DEFAULT_REGION" environment variable to eu-central-1
Resolving default credentials
Looking up default account ID from STS
Unable to determine the default AWS account (did you configure "aws configure"?): 403: Forbidden
at Request.extractError (/usr/local/lib/node_modules/aws-cdk/node_modules/aws-sdk/lib/protocol/query.js:50:29)
at Request.callListeners (/usr/local/lib/node_modules/aws-cdk/node_modules/aws-sdk/lib/sequential_executor.js:106:20)
at Request.emit (/usr/local/lib/node_modules/aws-cdk/node_modules/aws-sdk/lib/sequential_executor.js:78:10)
at Request.emit (/usr/local/lib/node_modules/aws-cdk/node_modules/aws-sdk/lib/request.js:683:14)
at Request.transition (/usr/local/lib/node_modules/aws-cdk/node_modules/aws-sdk/lib/request.js:22:10)
at AcceptorStateMachine.runTo (/usr/local/lib/node_modules/aws-cdk/node_modules/aws-sdk/lib/state_machine.js:14:12)
at /usr/local/lib/node_modules/aws-cdk/node_modules/aws-sdk/lib/state_machine.js:26:10
at Request.<anonymous> (/usr/local/lib/node_modules/aws-cdk/node_modules/aws-sdk/lib/request.js:38:9)
at Request.<anonymous> (/usr/local/lib/node_modules/aws-cdk/node_modules/aws-sdk/lib/request.js:685:12)
at Request.callListeners (/usr/local/lib/node_modules/aws-cdk/node_modules/aws-sdk/lib/sequential_executor.js:116:18) {
message: 'Forbidden',
code: 403,
time: 2020-04-01T15:31:39.434Z,
requestId: undefined,
statusCode: 403,
retryable: false,
retryDelay: 96.63323741736052
}
...
Cannot retrieve value from context provider vpc-provider since account/region are not specified at the stack level. Either configure "env" with explicit account and region when you define your stack, or use the environment variables "CDK_DEFAULT_ACCOUNT" and "CDK_DEFAULT_REGION" to inherit environment information from the CLI (not recommended for production stacks)
Environment
- CLI Version : 1.31.0
- Framework Version: 1.31.0
- OS : Amazon Linux 2
- Language : TypeScript
$ cdk doctor
ℹ️ CDK Version: 1.31.0 (build 8f3ac79)
ℹ️ AWS environment variables:
- AWS_DEFAULT_REGION = eu-central-1
ℹ️ No CDK environment variables
Other
No problem to run aws sts get-caller-identity
This is 🐛 Bug Report
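
The no_proxy decision the report expects, as an added example that is not part of the original issue and is not CDK or AWS SDK code. no_proxy has no formal specification, so the matching rules below (comma-separated entries, optional `:port`, leading-dot suffix match, `*` for everything) are an assumed common convention; the function names and the `.amazonaws.com` entry are constructed for illustration.

```javascript
// Constructed sample environment. The proxy URL and the two link-local
// addresses come from the issue; ".amazonaws.com" is an assumed entry.
const SAMPLE_ENV = {
  http_proxy: 'http://my.company.proxy:8080',
  https_proxy: 'http://my.company.proxy:8080',
  no_proxy: '169.254.169.254, 169.254.170.2, .amazonaws.com',
};

// Split no_proxy into { host, port } rules. Entries are comma-separated;
// an optional ":port" restricts the rule to that port.
function parseNoProxy(value) {
  return (value || '')
    .split(',')
    .map((entry) => entry.trim().toLowerCase())
    .filter((entry) => entry.length > 0)
    .map((entry) => {
      const [, host, port] = /^(.+?)(?::(\d+))?$/.exec(entry);
      return { host, port };
    });
}

// True when requestUrl matches a no_proxy rule and must be sent directly.
function shouldBypassProxy(requestUrl, noProxy) {
  const url = new URL(requestUrl);
  const host = url.hostname.toLowerCase();
  // URL.port is empty for the scheme's default port, so fill it in.
  const port = url.port || (url.protocol === 'https:' ? '443' : '80');
  return parseNoProxy(noProxy).some((rule) => {
    if (rule.host === '*') return true; // "*" disables the proxy entirely
    if (rule.port && rule.port !== port) return false;
    // ".example.com", "*.example.com" and "example.com" all match the
    // domain itself and its subdomains, but not "notexample.com".
    const suffix = rule.host.replace(/^\*?\./, '');
    return host === suffix || host.endsWith('.' + suffix);
  });
}

// Returns the proxy URL to use for requestUrl, or null for a direct connection.
function proxyFor(requestUrl, env) {
  const noProxy = env.no_proxy || env.NO_PROXY;
  if (shouldBypassProxy(requestUrl, noProxy)) return null;
  const isHttps = new URL(requestUrl).protocol === 'https:';
  const proxy = isHttps
    ? env.https_proxy || env.HTTPS_PROXY
    : env.http_proxy || env.HTTP_PROXY;
  return proxy || null;
}
```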