This repository is extends of https://github.com/uken/fluent-plugin-elasticsearch/ which made connectable to Amazon Elassticsearch Service using Aws Signers V4. Please check the requirements to connect to Amazon Elassticsearch Service without using Aws Signers V4 for before starting use. (reference https://groups.google.com/forum/#!msg/fluentd/uW87VAOqxeE/cfhenicEBAAJ)
MIT License
122
stars
49
forks
source link
Need to be able to specify session duration properly #83
We noticed while using the opensearch plugin that when STS credentials are created using similar logic as this plugin, a session duration isn't specified, and so despite a much longer maximum session duration on the role itself, they default to 1 hour, which overwhelms the IAM role assumption role throttling built into AWS ES when using a large number of assume role calls on a domain.
...
Problem
We noticed while using the opensearch plugin that when STS credentials are created using similar logic as this plugin, a session duration isn't specified, and so despite a much longer maximum session duration on the role itself, they default to 1 hour, which overwhelms the IAM role assumption role throttling built into AWS ES when using a large number of assume role calls on a domain. ...
Steps to replicate
https://github.com/fluent/fluent-plugin-opensearch/issues/68 Same thing would be present for any config using assume_role_arn in their stanza.
Expected Behavior or What you need to ask
We would like to have the option to specify and pass on duration_seconds to the STS credential provider here:
https://github.com/atomita/fluent-plugin-aws-elasticsearch-service/blob/master/lib/fluent/plugin/out_aws-elasticsearch-service.rb#L99
...
Using Fluentd and ES plugin versions
Fluentd v1.14.4 fluent-plugin-aws-elasticsearch-service 2.4.1