Fix for missing S3 region if run with EC2 instance profile (#13525)

Signed-off-by: Thomas Heinen <theinen@tecracer.de>

1 files changed, 18 insertions, 2 deletions

diff --git a/lib/chef/application/base.rb b/lib/chef/application/base.rb
index 770b06e9d0..f4c365d390 100644
--- a/lib/chef/application/base.rb
+++ b/lib/chef/application/base.rb
@@ -386,8 +386,10 @@ class Chef::Application::Base < Chef::Application
     elsif uri.scheme == "s3"
       require "aws-sdk-s3" unless defined?(Aws::S3)
 
-      s3 = Aws::S3::Client.new
-      object = s3.get_object(bucket: uri.hostname, key: uri.path[1..-1])
+      bucket_name = uri.hostname
+      s3 = Aws::S3::Client.new(region: s3_bucket_location(bucket_name))
+
+      object = s3.get_object(bucket: bucket_name, key: uri.path[1..-1])
       File.open(path, "wb") do |f|
         f.write(object.body.read)
       end
@@ -403,6 +405,20 @@ class Chef::Application::Base < Chef::Application
     end
   end
 
+  def s3_bucket_location(bucket_name)
+    s3 = Aws::S3::Client.new(region: aws_api_region)
+
+    resp = s3.get_bucket_location(bucket: bucket_name)
+    resp.location_constraint
+  rescue Aws::S3::Errors::AccessDenied => _e
+    Chef::Log.warn("Missing s3:GetBucketLocation privilege, trying currently configured region #{aws_api_region}")
+    aws_api_region
+  end
+
+  def aws_api_region
+    ENV["AWS_REGION"] || Aws.shared_config.region || Aws::EC2Metadata.new.get("/latest/meta-data/placement/region")
+  end
+
   def interval_run_chef_client
     if Chef::Config[:daemonize]
       Chef::Daemon.daemonize(ChefUtils::Dist::Infra::PRODUCT)