Error message isn't displayed when some ECS operations fail due to AccessDeniedException #2859

Open
2 of 3 tasks
abicky opened this issue Oct 30, 2024 · 2 comments
Labels
bug This issue is a bug. p3 This is a minor priority issue service-api This issue is due to a problem in a service API, not the SDK implementation.

abicky commented Oct 30, 2024

Acknowledgements

Describe the bug

No error message is displayed when some ECS operations depending on ecs.awsAwsjson11_deserializeErrorAccessDeniedException fail due to AccessDeniedException.

Regression Issue

  • Select this option if this issue appears to be a regression.

Expected Behavior

An error message is displayed:

panic: operation error ECS: CreateService, https response error StatusCode: 400, RequestID: 4b95afb3-25ab-48dc-a2ba-1a9e4c0ecbda, AccessDeniedException: User: arn:aws:sts::xxxxxxxxx:assumed-role/xxxxxxxxxxx is not authorized to perform: ecs:CreateService on resource: arn:aws:ecs:ap-northeast-1:xxxxxxxxxxxxx:service/default/xxxxxxxx because no identity-based policy allows the ecs:CreateService action

goroutine 1 [running]:
main.main()
        example.com/test/main.go:23 +0x184

Current Behavior

No error message is displayed:

panic: operation error ECS: CreateService, https response error StatusCode: 400, RequestID: 2ed99e65-d0e9-463f-97c9-8b8cd34ffedf, AccessDeniedException:

goroutine 1 [running]:
main.main()
        example.com/test/main.go:23 +0x184

Reproduction Steps

  1. Prepare an IAM user or role that doesn't have the permission ecs:CreateService
  2. Run the following file with the user or role:
    • Note that you have to change the ARN of task definition.
package main

import (
	"context"

	"github.com/aws/aws-sdk-go-v2/aws"
	"github.com/aws/aws-sdk-go-v2/config"
	"github.com/aws/aws-sdk-go-v2/service/ecs"
)

func main() {
	cfg, err := config.LoadDefaultConfig(context.Background())
	if err != nil {
		panic(err)
	}

	client := ecs.NewFromConfig(cfg)
	_, err = client.CreateService(context.Background(), &ecs.CreateServiceInput{
		ServiceName: aws.String("xxxxx"),
		TaskDefinition: aws.String("arn:aws:ecs:ap-northeast-1:xxxxxxxxxx:task-definition/xxxxxx"),
	})
	if err != nil {
		panic(err)
	}
}

Possible Solution

The commit abicky@a8afd4a resolves the issue.
It includes the changes made by make all after I changed codegen/sdk-codegen/aws-models/ecs.json without the following unrelated change:

diff --git a/feature/dynamodbstreams/attributevalue/go_module_metadata.go b/feature/dynamodbstreams/attributevalue/go_module_metadata.go
index d2c5ca8ee0..04358c081d 100644
--- a/feature/dynamodbstreams/attributevalue/go_module_metadata.go
+++ b/feature/dynamodbstreams/attributevalue/go_module_metadata.go
@@ -3,4 +3,4 @@
 package attributevalue

 // goModuleVersion is the tagged release for this module
-const goModuleVersion = "1.14.45"
+const goModuleVersion = "1.15.13"
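
Review bot: the goModuleVersion change from "1.14.45" to "1.15.13" in feature/dynamodbstreams/attributevalue/go_module_metadata.go touches a constant that its own comment describes as the tagged release for the module, so it is release metadata rather than part of a fix to the ECS model, and keeping it out of the commit is correct. Suggest stating in the PR description that make all produces this diff, so a reviewer who regenerates the code can tell it apart from the intended changes.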

Additional Information/Context

No response

AWS Go SDK V2 Module Versions Used

module example.com/test

go 1.23.2

require (
	github.com/aws/aws-sdk-go-v2 v1.32.3
	github.com/aws/aws-sdk-go-v2/config v1.28.1
	github.com/aws/aws-sdk-go-v2/service/ecs v1.48.1
)

require (
	github.com/aws/aws-sdk-go-v2/credentials v1.17.42 // indirect
	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.18 // indirect
	github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.22 // indirect
	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.22 // indirect
	github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1 // indirect
	github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.0 // indirect
	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.3 // indirect
	github.com/aws/aws-sdk-go-v2/service/sso v1.24.3 // indirect
	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.3 // indirect
	github.com/aws/aws-sdk-go-v2/service/sts v1.32.3 // indirect
	github.com/aws/smithy-go v1.22.0 // indirect
	github.com/jmespath/go-jmespath v0.4.0 // indirect
)

Compiler and Version used

go version go1.23.2 darwin/arm64

Operating System and version

Darwin Takeshis-MacBook-Air.local 23.5.0 Darwin Kernel Version 23.5.0: Wed May 1 20:14:59 PDT 2024; root:xnu-10063.121.3~5/RELEASE_ARM64_T8122 arm64

@abicky abicky added bug This issue is a bug. needs-triage This issue or PR still needs to be triaged. labels Oct 30, 2024
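
One way a caller can log this failure without losing the request ID when the service returns no message, as an added example that is not code from the issue or from the SDK. The two interfaces assume the accessor method names of the SDK's error types; DescribeAPIError, fakeAPI, fakeResp and sampleDenied are hypothetical names, and the error values are constructed stand-ins.

```go
package main

import (
	"errors"
	"fmt"
)

// Accessor methods assumed from the SDK's error types: ErrorCode and
// ErrorMessage (smithy-go APIError), ServiceRequestID (HTTP ResponseError).
// errors.As matches interface targets structurally, so no SDK import here.
type apiError interface {
	ErrorCode() string
	ErrorMessage() string
}
type requestIDer interface{ ServiceRequestID() string }

// DescribeAPIError builds a log line; an empty service message (this issue)
// is made explicit and the request ID is kept for tracing the denial.
func DescribeAPIError(err error) (string, bool) {
	var ae apiError
	if !errors.As(err, &ae) {
		return "", false
	}
	id, msg := "unknown", ae.ErrorMessage()
	var r requestIDer
	if errors.As(err, &r) && r.ServiceRequestID() != "" {
		id = r.ServiceRequestID()
	}
	if msg == "" {
		msg = "<none returned by service>"
	}
	return fmt.Sprintf("code=%s request_id=%s message=%s", ae.ErrorCode(), id, msg), true
}

// Constructed stand-ins for the SDK's error chain (not SDK types).
type fakeAPI struct{ code, msg string }
type fakeResp struct{ id string; err error }
func (e fakeAPI) Error() string             { return e.code + ": " + e.msg }
func (e fakeAPI) ErrorCode() string         { return e.code }
func (e fakeAPI) ErrorMessage() string      { return e.msg }
func (e fakeResp) Error() string            { return "RequestID: " + e.id + ", " + e.err.Error() }
func (e fakeResp) ServiceRequestID() string { return e.id }
func (e fakeResp) Unwrap() error            { return e.err }

// sampleDenied layers the stand-ins like the error text in the issue.
func sampleDenied(msg string) error {
	inner := fakeResp{"2ed99e65-d0e9-463f-97c9-8b8cd34ffedf", fakeAPI{"AccessDeniedException", msg}}
	return fmt.Errorf("operation error ECS: CreateService, %w", inner)
}

func main() { fmt.Println(DescribeAPIError(sampleDenied(""))) }
```

Because the lookup goes through errors.As, the same function accepts an error returned by a real SDK call if those method names hold.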
abicky commented Oct 30, 2024

I've also created a PR #2860.

Contributor

RanVaknin commented Oct 30, 2024

Hi @abicky ,

Thanks for taking the time to diagnose and raise a PR. Like I mentioned in my comment on the PR, we cannot accept changes to the model file since those are generated from an upstream source. Your changes would be overwritten with the next service release.

I have raised this internally with the ECS service team (ticket ID #P165892123). I cannot guarantee a timeline in which this is going to be fixed, but once I hear back I will update you.

Thanks,
Ran~

@RanVaknin RanVaknin added service-api This issue is due to a problem in a service API, not the SDK implementation. p3 This is a minor priority issue and removed needs-triage This issue or PR still needs to be triaged. labels Oct 30, 2024