-
Notifications
You must be signed in to change notification settings - Fork 133
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
AWS_CONTAINER_CREDENTIALS_FULL_URI environment variable is not respected when set #811
Comments
We're working on EKS Pod identity support, which involves refactoring the HTTP Provider. We're adding support for this env var in the same feature: fluent/fluent-bit#8826 Please take a look. |
AWS Distro PR diff: PettitWesley/fluent-bit#32 |
These images contain the feature support along with some other upcoming work we are testing:
|
Hi team, is there an update on this? It will be really good so that other AWS IoT Greengrass components can leverage FluentBit |
I'm also looking for the EKS Pod Identity support in fluent-bit - is there any progress on this? |
Any updates on this? We too are trying to use FluentBit with Greengrass and this is a blocker for us. Is there a way to get access to the ECR images referenced above to validate this feature? |
We are trying to use FluentBit in an AWS IoT Greengrass Component to log to Cloudwatch. The way Greengrass Components authenticate to AWS services is through a Token Exchange Service (which is another Greengrass component) running on the same device. In order to have code using the AWS SDKs be able to ask this service for credentials, an environment variable named
AWS_CONTAINER_CREDENTIALS_FULL_URI
can be set. Unfortunately aws-for-fluent-bit (or at least the cloudwatch_logs plugin part of it) does not seem to detect the presence of this variable, and instead only looks forAWS_CONTAINER_CREDENTIALS_RELATIVE_URI
, which doesn't work for the purposes of using anything running on the local device instead of in AWS.Example invocation with environment variables passed:
fluent-bit/bin/fluent-bit -i cpu -o cloudwatch_logs -p region=us-east-1 -p log_group_name=group_name -p log_stream_prefix=stream_prefix -p role_arn=[REDACTED] -vvv
Relevant log output:
Running commands in the same container that use the AWS SDK (like a boto request to S3) do successfully detect and use the
AWS_CONTAINER_CREDENTIALS_FULL_URI
environment variable, and are able to aqcuire the necessary credentials to talk to AWS services.The text was updated successfully, but these errors were encountered: