On my local environment, I develop a file upload feature with a express/node backend and an AWS S3 server (using scality/S3). Both services are dockerized in their own container, and the communication works fine.
My problem is that the S3 server seems not to understand the upload request. Here is the code I try to use :
const s3 = new S3({
accessKeyId: 'accessKey1',
secretAccessKey: 'verySecretKey1',
endpoint: 's3server:8000',
sslEnabled: false,
s3ForcePathStyle: true,
});
function uploadFile(file) {
const params = {
Body: file,
Bucket: 'testbucket',
Key: 'testkey',
ACL: 'public-read',
};
s3.upload(params, (err, data) => {
if (err) console.log(err, err.stack); // an error occurred
else console.log(data); // successful response
});
}
The S3 server receives the request but send back the error:
{"name":"S3","clientIP":"::ffff:172.18.0.5","clientPort":45066,"httpMethod":"PUT","httpURL":"/testbucket/testkey","time":1502458550488,"req_id":"7f4fac280644b5cf203c","level":"info","message":"received request","hostname":"faf8cb0b47d4","pid":103}
{"name":"S3","bytesSent":192,"clientIP":"::ffff:172.18.0.5","clientPort":45066,"httpMethod":"PUT","httpURL":"/testbucket/testkey","httpCode":400,"time":1502458550491,"req_id":"7f4fac280644b5cf203c","elapsed_ms":2.607924,"level":"info","message":"responded with error XML","hostname":"faf8cb0b47d4","pid":103}
And the node backend logs the error:
{ InvalidURI: Couldn't parse the specified URI.
at Request.extractError (/usr/src/api/node_modules/aws-sdk/lib/services/s3.js:577:35)
at Request.callListeners (/usr/src/api/node_modules/aws-sdk/lib/sequential_executor.js:105:20)
at Request.emit (/usr/src/api/node_modules/aws-sdk/lib/sequential_executor.js:77:10)
at Request.emit (/usr/src/api/node_modules/aws-sdk/lib/request.js:683:14)
at Request.transition (/usr/src/api/node_modules/aws-sdk/lib/request.js:22:10)
at AcceptorStateMachine.runTo (/usr/src/api/node_modules/aws-sdk/lib/state_machine.js:14:12)
at /usr/src/api/node_modules/aws-sdk/lib/state_machine.js:26:10
at Request.<anonymous> (/usr/src/api/node_modules/aws-sdk/lib/request.js:38:9)
at Request.<anonymous> (/usr/src/api/node_modules/aws-sdk/lib/request.js:685:12)
at Request.callListeners (/usr/src/api/node_modules/aws-sdk/lib/sequential_executor.js:115:18)
at Request.emit (/usr/src/api/node_modules/aws-sdk/lib/sequential_executor.js:77:10)
at Request.emit (/usr/src/api/node_modules/aws-sdk/lib/request.js:683:14)
at Request.transition (/usr/src/api/node_modules/aws-sdk/lib/request.js:22:10)
at AcceptorStateMachine.runTo (/usr/src/api/node_modules/aws-sdk/lib/state_machine.js:14:12)
at /usr/src/api/node_modules/aws-sdk/lib/state_machine.js:26:10
at Request.<anonymous> (/usr/src/api/node_modules/aws-sdk/lib/request.js:38:9)
message: 'Couldn\'t parse the specified URI.',
code: 'InvalidURI',
region: null,
time: 2017-08-11T13:35:50.510Z,
requestId: '7f4fac280644b5cf203c',
extendedRequestId: '7f4fac280644b5cf203c',
cfId: undefined,
statusCode: 400,
retryable: false,
retryDelay: 57.08331622136704 }
I saw some answers about utf-8 encoding problems but it didn't work on my case :/
Does anyone has an idea about why it can't parse the URI ?
Thank you for your time !
You can fix this by providing your own config.json using volumes, as suggested here.
Copy config.json.
Add "s3server": "us-east-1", to "restEndpoints".
docker run -v $(pwd)/config.json:/usr/src/app/config.json ...
or if you're using docker compose, add something like the following to your docker-compose.yaml:
s3server:
image: scality/s3server
restart: always
expose: [8000]
stdin_open: true
tty: true
container_name: s3server
volumes:
- "${PWD}/s3config.json:/usr/src/app/config.json"
Related
InvalidArgument: null
at Request.extractError (P:\Upwork\MyProject\backend\node_modules\aws-sdk\lib\services\s3.js:700:35)
at Request.callListeners (P:\Upwork\MyProject\backend\node_modules\aws-sdk\lib\sequential_executor.js:106:20)
at Request.emit (P:\Upwork\MyProject\backend\node_modules\aws-sdk\lib\sequential_executor.js:78:10)
at Request.emit (P:\Upwork\MyProject\backend\node_modules\aws-sdk\lib\request.js:688:14)
at Request.transition (P:\Upwork\MyProject\backend\node_modules\aws-sdk\lib\request.js:22:10)
at AcceptorStateMachine.runTo (P:\Upwork\MyProject\backend\node_modules\aws-sdk\lib\state_machine.js:14:12)
at P:\Upwork\MyProject\backend\node_modules\aws-sdk\lib\state_machine.js:26:10
at Request.<anonymous> (P:\Upwork\MyProject\backend\node_modules\aws-sdk\lib\request.js:38:9)
at Request.<anonymous> (P:\Upwork\MyProject\backend\node_modules\aws-sdk\lib\request.js:690:12)
at Request.callListeners (P:\Upwork\MyProject\backend\node_modules\aws-sdk\lib\sequential_executor.js:116:18) {
code: 'InvalidArgument',
region: null,
time: 2020-12-31T15:39:45.724Z,
requestId: '',
extendedRequestId: undefined,
cfId: undefined,
statusCode: 400,
retryable: false,
retryDelay: 85.1667642693943
}
This error occurs when trying to upload to DigitalOcean Spaces or Amazon S3.
The error message is very vague just supplying InvalidArgument as a reason.
code: 'InvalidArgument' suggests that there is an issue with the supplied uploadParams.
const uploadParams = {
Bucket: process.env.DIGITAL_OCEAN_PUBLIC_SPACE_NAME,
Key: `profile-picture/${userUUID}.jpg`,
Body: body,
ACL: 'public',
};
In my case we can see above that I was trying to use ACL: 'public'.
This is not a valid ACL value, a value of ACL: 'public-read' should be used. For private objects you should use ACL: 'private'. The documentation can be found here.
If you receive this error check that your bucket name, ACL values and all of your uploadParams are valid.
I have an infrastructure where AWS login happens on a Role basis requires MFA from MS authenticator which pops up on Mobile device for Accept or Decline. Normally on CLI, we use saml2aws and it generates temporary access key secret key with assume role.
I am trying to use aws-sdk in my nodejs and trying to validate the credentials but not getting any popup and gets below error.
Please suggest the method or way to achieve this.
const AWS = require('aws-sdk');
var eks = new AWS.EKS({ accessKeyId: "ABCDEFGHIJKLMNOPQRSTUVWXYZ", secretAccessKey : "gsdhjfkjbkbfvfkqbvfhvqhfvqhfv", region: "us-west-2"});
var params = { name: "testing" };
eks.describeCluster(params, function(err, data) {
if (err) console.log(err, err.stack); // an error occurred
else console.log(data); // successful response
});
After executing the above code: I am receiving the below error:
UnrecognizedClientException: The security token included in the request is invalid.
at Object.extractError (D:\Prashant\kubernetes-app\node_modules\aws-sdk\lib\protocol\json.js:52:27)
at Request.extractError (D:\Prashant\kubernetes-app\node_modules\aws-sdk\lib\protocol\rest_json.js:55:8)
at Request.callListeners (D:\Prashant\kubernetes-app\node_modules\aws-sdk\lib\sequential_executor.js:106:20)
at Request.emit (D:\Prashant\kubernetes-app\node_modules\aws-sdk\lib\sequential_executor.js:78:10)
at Request.emit (D:\Prashant\kubernetes-app\node_modules\aws-sdk\lib\request.js:688:14)
at Request.transition (D:\Prashant\kubernetes-app\node_modules\aws-sdk\lib\request.js:22:10)
at AcceptorStateMachine.runTo (D:\Prashant\kubernetes-app\node_modules\aws-sdk\lib\state_machine.js:14:12)
at D:\Prashant\kubernetes-app\node_modules\aws-sdk\lib\state_machine.js:26:10
at Request.<anonymous> (D:\Prashant\kubernetes-app\node_modules\aws-sdk\lib\request.js:38:9)
at Request.<anonymous> (D:\Prashant\kubernetes-app\node_modules\aws-sdk\lib\request.js:690:12) {
code: 'UnrecognizedClientException',
time: 2020-11-03T22:36:19.516Z,
requestId: '2e3486d0-3219-410c-8963-970958c5c14d',
statusCode: 403,
retryable: false,
retryDelay: 91.55836550904752
}
This request is completed. Was a bit tricky but done. Comment if anyone else facing the issue will let you know the solution.
I have followed this guide: https://docs.aws.amazon.com/sdk-for-javascript/v2/developer-guide/ec2-example-creating-an-instance.html
When I run the code below - I get the UnknowEndPoint error.
I have created an AWS IAM user and added the user to a group with the policy name "IAMFullAccess" - I don't know which other policy would fit (I can see in the AWS dashboard that my credentials has been used programmatically - So I guess this part works well...)?
I have placed my credentials in the .aws folder in a file named credentials.
I am not sure what actually to put inside the 'KeyName' below - currently I have entered the Key Pair Name I find by clicking on one of my existing AWS EC2 instances in the dashboard. Is this correct?
Is there some security group or similar I need to edit - to able to connect NodeJS to my AWS account? Otherwise I have no clue what to do?
In start.js file:
process.env.AWS_SDK_LOAD_CONFIG=1;
var AWS_SDK = require('./aws_sdk');
var aws_sdk = new AWS_SDK();
aws_sdk.CopyInstance();
In aws_sdk.js file:
function AWS_SDK() {
this.CopyInstance = function() {
try {
// Load the AWS SDK for Node.js
var AWS = require('aws-sdk');
//Set the region
AWS.config.update({region: 'us-east-2a'});
var instanceParams = {
ImageId: 'ami-0...',
InstanceType: 't1.micro',
KeyName: '<Key_name>',
MinCount: 1,
MaxCount: 1
};
// Create a promise on an EC2 service object
var instancePromise = new AWS.EC2({apiVersion: '2016-11-15'}).runInstances(instanceParams).promise();
// Handle promise's fulfilled/rejected states
instancePromise.then(
function (data) {
console.log(data);
var instanceId = data.Instances[0].InstanceId;
console.log("Created instance", instanceId);
// Add tags to the instance
var tagParams = {
Resources: [instanceId], Tags: [
{
Key: 'Name',
Value: 'SDK Sample'
}
]
};
// Create a promise on an EC2 service object
var tagPromise = new AWS.EC2({apiVersion: '2016-11-15'}).createTags(tagParams).promise();
// Handle promise's fulfilled/rejected states
tagPromise.then(
function (data) {
console.log("Instance tagged");
}).catch(
function (err) {
console.error(err, err.stack);
});
}).catch(
function (err) {
console.error(err, err.stack);
});
}
catch(e){
wl.info('Error: ' + e);
}
}
function create() {
if(globalAWS === null)
globalAWS = new AWS_SDK();
return globalAWS;
}
module.exports = create;
ERROR:
{ UnknownEndpoint: Inaccessible host: ec2.us-east-2a.amazonaws.com'.
This service may not be available in theus-east-2a' region.
at Request.ENOTFOUND_ERROR (D:\Workspace\BitBucket\Test\node_modules\aws-sdk\lib\event_listeners.js:486:46)
at Request.callListeners (D:\Workspace\BitBucket\Test\node_modules\aws-sdk\lib\sequential_executor.js:106:20)
at Request.emit (D:\Workspace\BitBucket\Test\node_modules\aws-sdk\lib\sequential_executor.js:78:10)
at Request.emit (D:\Workspace\BitBucket\Test\node_modules\aws-sdk\lib\request.js:683:14)
at ClientRequest.error (D:\Workspace\BitBucket\Test\node_modules\aws-sdk\lib\event_listeners.js:325:22)
at ClientRequest. (D:\Workspace\BitBucket\Test\node_modules\aws-sdk\lib\http\node.js:93:19)
at ClientRequest.emit (events.js:182:13)
at ClientRequest.EventEmitter.emit (domain.js:442:20)
at TLSSocket.socketErrorListener (_http_client.js:391:9)
at TLSSocket.emit (events.js:182:13) message: 'Inaccessible host: ec2.us-east-2a.amazonaws.com\'. This service may not be
available in theus-east-2a\' region.', code: 'UnknownEndpoint',
region: 'us-east-2a', hostname: 'ec2.us-east-2a.amazonaws.com',
retryable: true, originalError: { Error: getaddrinfo ENOTFOUND
ec2.us-east-2a.amazonaws.com ec2.us-east-2a.amazonaws.com:443
at GetAddrInfoReqWrap.onlookup [as oncomplete] (dns.js:57:26)
message:
'getaddrinfo ENOTFOUND ec2.us-east-2a.amazonaws.com ec2.us-east-2a.amazonaws.com:443',
errno: 'ENOTFOUND',
code: 'NetworkingError',
syscall: 'getaddrinfo',
hostname: 'ec2.us-east-2a.amazonaws.com',
host: 'ec2.us-east-2a.amazonaws.com',
port: 443,
region: 'us-east-2a',
retryable: true,
time: 2019-01-14T20:03:42.177Z }, time: 2019-01-14T20:03:42.177Z } 'UnknownEndpoint: Inaccessible host:
ec2.us-east-2a.amazonaws.com\'. This service may not be available in
theus-east-2a\' region.\n at Request.ENOTFOUND_ERROR
(D:\Workspace\BitBucket\Test\node_modules\aws-sdk\lib\event_listeners.js:486:46)\n
at Request.callListeners
(D:\Workspace\BitBucket\Test\node_modules\aws-sdk\lib\sequential_executor.js:106:20)\n
at Request.emit
(D:\Workspace\BitBucket\Test\node_modules\aws-sdk\lib\sequential_executor.js:78:10)\n
at Request.emit
(D:\Workspace\BitBucket\Test\node_modules\aws-sdk\lib\request.js:683:14)\n
at ClientRequest.error
(D:\Workspace\BitBucket\Test\node_modules\aws-sdk\lib\event_listeners.js:325:22)\n
at ClientRequest.
(D:\Workspace\BitBucket\Test\node_modules\aws-sdk\lib\http\node.js:93:19)\n
at ClientRequest.emit (events.js:182:13)\n at
ClientRequest.EventEmitter.emit (domain.js:442:20)\n at
TLSSocket.socketErrorListener (_http_client.js:391:9)\n at
TLSSocket.emit (events.js:182:13)'
Process finished with exit code 0
If I change the REGION to "us-east-2" (delete the 'a' at the end) the error changes to this:
{ Unsupported: The requested configuration is currently not supported. Please check the documentation for supported configurations.
at Request.extractError (D:\Workspace\BitBucket\Test\node_modules\aws-sdk\lib\services\ec2.js:50:35)
at Request.callListeners (D:\Workspace\BitBucket\Test\node_modules\aws-sdk\lib\sequential_executor.js:106:20)
at Request.emit (D:\Workspace\BitBucket\Test\node_modules\aws-sdk\lib\sequential_executor.js:78:10)
at Request.emit (D:\Workspace\BitBucket\Test\node_modules\aws-sdk\lib\request.js:683:14)
at Request.transition (D:\Workspace\BitBucket\Test\node_modules\aws-sdk\lib\request.js:22:10)
at AcceptorStateMachine.runTo (D:\Workspace\BitBucket\Test\node_modules\aws-sdk\lib\state_machine.js:14:12)
at D:\Workspace\BitBucket\Test\node_modules\aws-sdk\lib\state_machine.js:26:10
at Request.<anonymous> (D:\Workspace\BitBucket\Test\node_modules\aws-sdk\lib\request.js:38:9)
at Request.<anonymous> (D:\Workspace\BitBucket\Test\node_modules\aws-sdk\lib\request.js:685:12)
at Request.callListeners (D:\Workspace\BitBucket\Test\node_modules\aws-sdk\lib\sequential_executor.js:116:18)
message:
'The requested configuration is currently not supported. Please check the documentation for supported configurations.',
code: 'Unsupported',
time: 2019-01-14T20:31:55.954Z,
requestId: '815a44e2-5d0d-453e-a4ff-6faac2695064',
statusCode: 400,
retryable: false,
retryDelay: 51.269952198296934 } 'Unsupported: The requested configuration is currently not supported. Please check the documentation for supported configurations.\n at Request.extractError (D:\\Workspace\\BitBucket\\Test\\node_modules\\aws-sdk\\lib\\services\\ec2.js:50:35)\n at Request.callListeners (D:\\Workspace\\BitBucket\\Test\\node_modules\\aws-sdk\\lib\\sequential_executor.js:106:20)\n at Request.emit (D:\\Workspace\\BitBucket\\Test\\node_modules\\aws-sdk\\lib\\sequential_executor.js:78:10)\n at Request.emit (D:\\Workspace\\BitBucket\\Test\\node_modules\\aws-sdk\\lib\\request.js:683:14)\n at Request.transition (D:\\Workspace\\BitBucket\\Test\\node_modules\\aws-sdk\\lib\\request.js:22:10)\n at AcceptorStateMachine.runTo (D:\\Workspace\\BitBucket\\Test\\node_modules\\aws-sdk\\lib\\state_machine.js:14:12)\n at D:\\Workspace\\BitBucket\\Test\\node_modules\\aws-sdk\\lib\\state_machine.js:26:10\n at Request.<anonymous> (D:\\Workspace\\BitBucket\\Test\\node_modules\\aws-sdk\\lib\\request.js:38:9)\n at Request.<anonymous> (D:\\Workspace\\BitBucket\\Test\\node_modules\\aws-sdk\\lib\\request.js:685:12)\n at Request.callListeners (D:\\Workspace\\BitBucket\\Test\\node_modules\\aws-sdk\\lib\\sequential_executor.js:116:18)'
Update 1:
I changed the REGION from to 'us-est-2' and now also updated my ~/.aws/config file (before the file only contained 1 line/row: 'region=us-west-2'):
[default]
region=us-west-2
output=json
Now I get this error (when I try to decode it in the CMD) - I still don't understand what extra roles I have to give/grant my IAM-AWS user to be able read the error message?
An error occurred (AccessDenied) when calling the DecodeAuthorizationMessage operation: User: arn:aws:iam::0046xxxxxxx:user/user_name is not authorized to perform: sts:DecodeAuthorizationMessage
You have configured your AWS region as us-east-2a. That isn't a region, that is an availability zone. Your region should be configured as us-east-2.
After I added the IAM role: "AdministratorAccess" all issues were gone :) The question is now - which role(s) are actually needed to be granted for it to work..."AdministratorAccess" was just for testing purpose.
I'm testing Amazon SageMaker service with NodeJS + AWS SDK and after create a new model and endpoint based on this example (everything works well in the notebook, including the request to the endpoint), I'm trying to create requests from my Express application, but I'm getting the following error:
Error during recognition: { InvalidImageFormatException: Request has Invalid image format
at Request.extractError (/Users/pdonaire/Documents/workspaceNode/trsps-controller/node_modules/aws-sdk/lib/protocol/json.js:48:27)
at Request.callListeners (/Users/pdonaire/Documents/workspaceNode/trsps-controller/node_modules/aws-sdk/lib/sequential_executor.js:109:20)
at Request.emit (/Users/pdonaire/Documents/workspaceNode/trsps-controller/node_modules/aws-sdk/lib/sequential_executor.js:81:10)
at Request.emit (/Users/pdonaire/Documents/workspaceNode/trsps-controller/node_modules/aws-sdk/lib/request.js:683:14)
at Request.transition (/Users/pdonaire/Documents/workspaceNode/trsps-controller/node_modules/aws-sdk/lib/request.js:22:10)
at AcceptorStateMachine.runTo (/Users/pdonaire/Documents/workspaceNode/trsps-controller/node_modules/aws-sdk/lib/state_machine.js:14:12)
at /Users/pdonaire/Documents/workspaceNode/trsps-controller/node_modules/aws-sdk/lib/state_machine.js:26:10
at Request.<anonymous> (/Users/pdonaire/Documents/workspaceNode/trsps-controller/node_modules/aws-sdk/lib/request.js:38:9)
at Request.<anonymous> (/Users/pdonaire/Documents/workspaceNode/trsps-controller/node_modules/aws-sdk/lib/request.js:685:12)
at Request.callListeners (/Users/pdonaire/Documents/workspaceNode/trsps-controller/node_modules/aws-sdk/lib/sequential_executor.js:119:18)
at Request.emit (/Users/pdonaire/Documents/workspaceNode/trsps-controller/node_modules/aws-sdk/lib/sequential_executor.js:81:10)
at Request.emit (/Users/pdonaire/Documents/workspaceNode/trsps-controller/node_modules/aws-sdk/lib/request.js:683:14)
at Request.transition (/Users/pdonaire/Documents/workspaceNode/trsps-controller/node_modules/aws-sdk/lib/request.js:22:10)
at AcceptorStateMachine.runTo (/Users/pdonaire/Documents/workspaceNode/trsps-controller/node_modules/aws-sdk/lib/state_machine.js:14:12)
at /Users/pdonaire/Documents/workspaceNode/trsps-controller/node_modules/aws-sdk/lib/state_machine.js:26:10
at Request.<anonymous> (/Users/pdonaire/Documents/workspaceNode/trsps-controller/node_modules/aws-sdk/lib/request.js:38:9)
message: 'Request has Invalid image format',
code: 'InvalidImageFormatException',
time: 2018-09-10T04:42:07.530Z,
requestId: 'de3a04ff-b4b3-11e8-9bd8-8b88f803570c',
statusCode: 400,
retryable: false,
retryDelay: 55.860720412209794 }
My code is as follows:
export function sendRequestToSageMaker(base64image) {
const params = {
Body: new Buffer(base64image, 'base64') , /* Strings will be Base-64 encoded on your behalf */ /* required */
EndpointName: 'DEMO-imageclassification-ep--XXXX', /* required */
Accept: 'application/json',
ContentType: 'application/x-image'
};
sagemakerruntime.invokeEndpoint(params, function(err, data) {
if (err)
console.error(err, err.stack); // an error occurred
else
console.log(data); // successful response
});
return null;
}
base64image is req.body.photo from a request that I'm doing with Postman with a JSON and just a single photo property with a base64 string that I've made with base64-image.de website.
Any help will be helpful! Thank you so much! :-)
the SageMaker image classification algorithm only supports images as payload and does not support base64 encoded payload and that is why you see the InvalidImageFormatException.
I am trying to authenticate a cognito user pool user in node, but I am running into an error (404) when refreshing the credentials. I try authenticating with cognitoUser.authenticateUser. That is successful, and inside the onSuccess, I create credentials with AWS.CognitoIdentityCredentials and get the following
CognitoIdentityCredentials {
expired: true,
expireTime: null,
accessKeyId: undefined,
sessionToken: undefined,
params:
{ IdentityPoolId: '...',
Logins:
{ 'cognito...': '...' } },
data: null,
_identityId: null,
_clientConfig: {} }
So I try refreshing the credentials with AWS.config.credentials.refresh but I get this error
{ UnknownError: Not Found
at Request.extractError (/Users/.../projects/nodekb/node_modules/aws-sdk/lib/protocol/json.js:48:27)
at Request.callListeners (/Users/.../projects/nodekb/node_modules/aws-sdk/lib/sequential_executor.js:105:20)
at Request.emit (/Users/.../projects/nodekb/node_modules/aws-sdk/lib/sequential_executor.js:77:10)
at Request.emit (/Users/.../projects/nodekb/node_modules/aws-sdk/lib/request.js:683:14)
at Request.transition (/Users/.../projects/nodekb/node_modules/aws-sdk/lib/request.js:22:10)
at AcceptorStateMachine.runTo (/Users/.../projects/nodekb/node_modules/aws-sdk/lib/state_machine.js:14:12)
at /Users/.../projects/nodekb/node_modules/aws-sdk/lib/state_machine.js:26:10
at Request.<anonymous> (/Users/.../projects/nodekb/node_modules/aws-sdk/lib/request.js:38:9)
at Request.<anonymous> (/Users/.../projects/nodekb/node_modules/aws-sdk/lib/request.js:685:12)
at Request.callListeners (/Users/.../projects/nodekb/node_modules/aws-sdk/lib/sequential_executor.js:115:18)
message: 'Not Found',
code: 'UnknownError',
statusCode: 404,
time: 2018-02-21T19:03:29.670Z,
requestId: '...',
retryable: false,
retryDelay: 81.76059666489807 }
Note: these are the two libraries I have required
const AWS = require('aws-sdk');
const AWSCognito = require('amazon-cognito-identity-js');
and I'm following the instructions here. Specifically use case 4
I believe my issue was that my endpoint was set to dynamo. After I changed the endpoint in the AWS configuration, I got another error
I had the same problem, runnining in node, the endpoint was by default set also to dynamodb endpoint. After reseting it (I changed it to undefined), the credentials were refreshed.
( < AWS.CognitoIdentityCredentials > AWS.config.credentials).refresh((error) => {});