Skip to content
By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post
About re:Post

"AWS SDK for Java 1.x end of support" caused by AWS CloudWatch Logs Insights activity

0

We received a notification about "[Action Required] AWS SDK for Java 1.x end of support". While analyzing, it turned out that the usage of the AWS SDK for Java version 1.x seems to solely be emitted when using the AWS Console > CloudWatch > Logs Insights. Is that plausible and on purpose?

From a sample CloudTrail output: eventCategory Management eventName AssumeRoleWithSAML eventSource sts.amazonaws.com userAgent aws-internal/3 aws-sdk-java/1.12.797 Linux/4.14.355-282.729.amzn2.x86_64 OpenJDK_64-Bit_Server_VM/17.0.19+10-LTS java/17.0.19 vendor/Amazon.com_Inc.

Topics
Management & Governance
Tags
CloudWatch Logs InsightsAWS Health
Language
English
asked 8 days ago452 views
2 Answers
1

Yes, this is plausible. The user agent string you're seeing in CloudTrail indicates that AWS's internal services are using AWS SDK for Java 1.x version 1.12.797. When you use CloudWatch Logs Insights through the AWS Console, the backend AWS services that process your query may be using SDK v1 internally.

This is AWS's internal usage of the SDK, not your application code. The end-of-support notification you received is specifically about YOUR use of AWS SDK for Java 1.x in your own applications and code. You should not be concerned about AWS's internal service usage - AWS will handle migrating their own internal services.

The notification is meant to alert you if you have applications or code that directly depend on AWS SDK for Java 1.x. Since the SDK entered maintenance mode on July 31, 2024, and will reach end-of-support on December 31, 2025, you should focus on migrating any of your own applications that use SDK v1 to SDK v2. If you're only seeing this SDK usage from AWS Console activities and not from your own applications, then you likely don't need to take action regarding your own code.

To verify, check if any of your deployed applications, Lambda functions, or other code directly uses the AWS SDK for Java 1.x dependencies.
Sources
General Availability Release of the Migration Tool for the AWS SDK for Java 2.x | AWS Developer Tools Blog

answered 8 days ago
EXPERT
reviewed 8 days ago
0

We have also found this. It's been quite a wild goose chase -- we manage ~100 accounts, and we got dozens of notices about Java SDK 1.x. We issued tickets to various teams and had all kinds of email communications internally. Nobody could identify their 1.x SDK usage. I dug deep on one account, and the only thing I could come up with was this aws-internal/3 useragent (same exact string reported by @uhagemann).

Amazon Q told us it might be the Identity Center SSO page, but I think CloudWatch Logs is a little more likely, since I got notifications for about 30-40 of our organization's accounts. If it has been SSO, I would have expected either one notice for the management account or a notice for every single account in the org.

PLEASE, AWS -- adjust your filters for this so that we don't get pinged because of your own tools' outdated SDK usage. Even better -- fix your tools before you start sending notifications to customers. This has wasted a LOT of our time.

answered 2 days ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Relevant content