Open colinbjohnson opened 1 year ago
That's interesting. We'll have to dive a little deeper into it, but if I understand correctly, you are using a static file credential in your CloudWatch agent container, running on ECS? I don't think I've come across someone doing that yet, though I could see why someone would want to.
We actually mount the credentials file into the Docker container when running locally - we use this configuration for testing.
This issue was marked stale due to lack of activity.
This issue was marked stale due to lack of activity.
I wouldn't consider this issue stale - I believe it is still an issue.
Bug Report
The CloudWatch agent does not appear to utilize the file named
/root/.aws/credentials
as a credential source. The logs below show that the credential file is being used for "outputs" configuration but is not being used by some number of "inputs" configurations in particular[inputs.prometheus_scraper.ecs_service_discovery.service_name_list_for_tasks]
.Evidence of credential file being used by "output" - from the logs you can see
shared_credential_file
is set toshared_credential_file = "/root/.aws/credentials"
.And evidence that the file is not being used by inputs despite being available:
From the logs you can see no evidence that
shared_credential_file = "/root/.aws/credentials"
is used.and further:
Reproduction
To reproduce the error use the files contained within the "Config" section below.
Expected Output
The credentials from the credentials file should be used.
Actual Output
I saw the following errors followed by an application exit:
Version
AmazonCloudWatchAgent 1.247358.0
Config
Configuration to reproduce this setup is below:
docker-compose.yml
amazon-cloudwatch-agent-prometheus.json
prometheus.yaml
Environment
I am using the Docker Image
public.ecr.aws/cloudwatch-agent/cloudwatch-agent:latest
- which, at this moment, contains CloudWatch agent1.247358.0
.Additional Context
None.