Bug(node):

Introduction

LanceDB is a powerful database library that allows developers to interact with various data storage systems, including Amazon Web Services (AWS) S3. However, in version 0.17.0, a bug was introduced that causes LanceDB to fail when only the awsAccessKeyId and awsSecretAccessKey are provided. In this article, we will explore the issue, its symptoms, and the steps to reproduce it. We will also provide a solution to resolve the problem.

Similar Issues

This issue is similar to the one reported in the anthropic-sdk-typescript repository. The problem is caused by LanceDB's incorrect expectation of a user to provide the awsSessionToken in addition to the awsAccessKeyId and awsSecretAccessKey.

Problem

The problem arises when attempting to connect to LanceDB on AWS S3 using the following code:

connect(`s3://BUCKET_NAME`, { storageOptions: { awsAccessKeyId: `VALUE`, awsSecretAccessKey: `VALUE` } })

LanceDB will throw an error with a message indicating that the provided token is malformed or otherwise invalid. This is because LanceDB is expecting the awsSessionToken to be provided, which is not the case.

Are There Known Steps to Reproduce?

Yes, there are known steps to reproduce this issue. Here are the steps:

Step 1: Connect to LanceDB on AWS S3

Connect to LanceDB on AWS S3 using the following code:

connect(`s3://BUCKET_NAME`, { storageOptions: { awsAccessKeyId: `VALUE`, awsSecretAccessKey: `VALUE` } })

Step 2: Observe Error

Observe the error that is thrown when attempting to run this code. The error message will indicate that the provided token is malformed or otherwise invalid.

Error Message

The error message will be similar to the following:

lance error: LanceError(IO): Generic S3 error: Error performing CreateSession request: Client error with status 400 Bad Request: <?xml version="1.0" encoding="UTF-8"?>
<Error><Code>InvalidToken</Code><Message>The provided token is malformed or otherwise invalid.</Message><RequestId>01aa15392f00019587bfb0ff0407c3f48b459944</RequestId><HostId>ZgESGWAF0rp4avMEamc</HostId></Error>, /home/build_user/.cargo/registry/src/index.crates.io-6f17d22bba15001f/lance-0.23.2/src/dataset.rs:388:35  Caused by: LanceError(IO): Generic S3 error: Error performing CreateSession request: Client error with status 400 Bad Request: <?xml version="1.0" encoding="UTF-8"?>
  <Error><Code>InvalidToken</Code><Message>The provided token is malformed or otherwise invalid.</Message><RequestId>01aa15392f00019587bfb0ff0407c3f48b459944</RequestId><HostId>ZgESGWAF0rp4avMEamc</HostId></Error>, /home/build_user/.cargo/registry/src/index.crates.io-6f17d22bba15001f/lance-0.23.2/src/dataset.rs:388:35    Caused by: Generic S3 error: Error performing CreateSession request: Client error with status 400 Bad Request: <?xml version="1.0" encoding="UTF-8"?>
    <Error><Code>InvalidToken</Code><Message>The provided token is malformed or otherwise invalid.</Message><RequestId>01aa15392f00019587bfb0ff0407c3f48b459944</RequestId><HostId>ZgESGWAF0rp4avMEamc</HostId></Error>      Caused by: Error performing CreateSession request: Client error with status 400 Bad Request: <?xml version="1.0" encoding="UTF-8"?>
      <Error><Code>InvalidToken</Code><Message>The provided token is malformed or otherwise invalid.</Message><RequestId>01aa15392f00019587bfb0ff0407c3f48b459944</RequestId><HostId>ZgESGWAF0rp4avMEamc</HostId></Error>        Caused by: Client error with status 400 Bad Request: <?xml version="1.0" encoding="UTF-8"?>
        <Error><Code>InvalidToken</Code><Message>The provided token is malformed or otherwise invalid.</Message><RequestId>01aa15392f00019587bfb0ff0407c3f48b459944</RequestId><HostId>ZgESGWAF0rp4avMEamc</HostId></Error>

Solution

To resolve this issue, you need to provide the awsSessionToken in addition to the awsAccessKeyId and awsSecretAccessKey. You can do this by modifying the code as follows:

connect(`s3://BUCKET_NAME`, { storageOptions: { awsAccessKeyId: `VALUE`, awsSecretAccessKey: `VALUE`, awsSessionToken: `my-session-token` } })

By providing the awsSessionToken, you will be able to connect to LanceDB on AWS S3 without encountering the error.

Conclusion

Introduction

In our previous article, we explored the issue with LanceDB version 0.17.0, where it fails to connect to AWS S3 when only the awsAccessKeyId and awsSecretAccessKey are provided. We also provided a solution to resolve the problem by modifying the code to include the awsSessionToken. In this article, we will answer some frequently asked questions (FAQs) related to this issue.

Q: What is the cause of this issue?

A: The cause of this issue is LanceDB's incorrect expectation of a user to provide the awsSessionToken in addition to the awsAccessKeyId and awsSecretAccessKey.

Q: Why is the awsSessionToken required?

A: The awsSessionToken is required to authenticate with AWS S3. It provides an additional layer of security to ensure that only authorized users can access the data stored in S3.

Q: How can I resolve this issue?

A: To resolve this issue, you need to modify the code to include the awsSessionToken in addition to the awsAccessKeyId and awsSecretAccessKey. You can do this by modifying the code as follows:

connect(`s3://BUCKET_NAME`, { storageOptions: { awsAccessKeyId: `VALUE`, awsSecretAccessKey: `VALUE`, awsSessionToken: `my-session-token` } })

Q: What if I don't have the awsSessionToken?

A: If you don't have the awsSessionToken, you can generate one by following these steps:

1. Go to the AWS Management Console and navigate to the IAM dashboard.
2. Click on "Users" and select the user for which you want to generate a session token.
3. Click on the "Security credentials" tab and click on "Create a new access key".
4. Copy the access key ID and secret access key.
5. Use the access key ID and secret access key to generate a session token using the AWS CLI or SDK.

Q: Can I use the awsSessionToken with other AWS services?

A: Yes, you can use the awsSessionToken with other AWS services, such as Amazon S3, Amazon EC2, and Amazon RDS. However, you need to ensure that the awsSessionToken is valid for the specific service and region you are using.

Q: How can I troubleshoot this issue?

A: To troubleshoot this issue, you can follow these steps:

1. Check the error message to determine the cause of the issue.
2. Verify that the awsAccessKeyId and awsSecretAccessKey are correct.
3. Verify that the awsSessionToken is valid and not expired.
4. Check the AWS S3 bucket permissions to ensure that the user has the necessary permissions to access the data.

Conclusion

In conclusion, the issue with LanceDB version 0.17.0 is caused by its incorrect expectation of a user to provide the awsSessionToken in addition to the awsAccessKeyId and awsSecretAccessKey. By modifying the code to include the awsSessionToken, you can resolve this issue and connect to AWS S3 without encountering the error. We hope this Q&A article has provided you with the necessary information to troubleshoot and resolve this issue.