Vague :nxdomain error when client.region is nil

[wyattisimo]

If the AWS client is inadvertently created with a nil value for the region, then invoking a resource request will result in a vague {:error, :nxdomain} result.

Example

GIVEN:

The env var AWS_REGION is not set, but AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY are.

WHEN:

This code is executed:

aws = AWS.Client.create(
  System.get_env("AWS_ACCESS_KEY_ID"),
  System.get_env("AWS_SECRET_ACCESS_KEY"),
  System.get_env("AWS_REGION")
)
{:ok, msg} = AWS.Lambda.delete_function(aws, "my-lambda-function", %{})

THEN:

The following error occurs:

(MatchError) no match of right hand side value: {:error, :nxdomain}

Notes

After some investigation, I discovered that the request sent to hackney was specifying the host as: lambda..amazonaws.com

This malformed host value is built when parts contains ["lambda", nil, "amazonaws.com"] in the build_final_endpoint function here:

aws-elixir/lib/aws/request.ex

Line 253 in 8e23feb

joined = Enum.join(parts, ".")

build_final_endpoint is called here:

aws-elixir/lib/aws/request.ex

Lines 227 to 234 in 8e23feb

	build_final_endpoint(
	[
	to_string(metadata[:host_prefix]) <> metadata.endpoint_prefix,
	client.region,
	endpoint
	],
	build_options
	)

Resolution?

If the AWS API always requires a region subdomain for these endpoints, it would be helpful if this library had some sort of validation to ensure the presence of client.region and produce a clear error message when it's missing.

[onno-vos-dev]

@wyattisimo Thank you for the detailed issue! It's the start of 2025 but I'd argue you probably won 2025's "Best Issue Award" 👍 🥇

The fun of regions and the bungeejumping with that in AWS. It's been a while since I dug deep into this but I believe AWS assumes a default region in some places (so called "global" endpoints) while it's necessary in others. Hence (IIRC) we assume the region to always need to be defined. Lambda is one of those where the region is at least required. (See doc).

I'm more than open to find a "happy place" to provide a more clear error message on the client.region being missing so if you have a decent proposal for a "happy place" I'd be open to accept a PR 👍

How about we add a check in:

aws-elixir/lib/aws/client.ex

Line 117 in 8e23feb

def create(access_key_id, secret_access_key, token, region) do

and change it to something like:

def create(access_key_id, secret_access_key, token, nil) do
   raise RuntimeError, "missing region"
end

def create(access_key_id, secret_access_key, token, region) do
  %AWS.Client{
    access_key_id: access_key_id,
    secret_access_key: secret_access_key,
    session_token: token,
    region: region
  }
end