Closed openshift-poc closed 3 years ago
<match a.great.your.tag.***>
@type cloudwatch_logs
region ap-northeast-1
aws_key_id AKIASUPER1AWSKEY
aws_sec_key FcawsSecret1234Key
# and some configuration
</match>
Can handle AWS credentials.
If you use environment variables, AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, and AWS_REGION should be used to set up AWS credentials.
Am I missing something?
The issue is I am unable to pass the session token parameter. This parameter is required when using temporary credentials which expire after some time. This link from AWS provides more details on using temporary credentials: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html
If you want to use session token via environment variables, you should set up:
The issue is I am unable to pass the session token parameter. This parameter is required when using temporary credentials which expire after some time. This link from AWS provides more details on using temporary credentials: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html
This plugin supports AWS STS credentials:
use_aws_sts true
aws_sts_role_arn arn:aws:iam::123456789012:role/policy-name
aws_sts_session_name awesome-session-name
You shouldn't prepare temporary credentials by hand. Instead, prepare the above configurations for STS authentication and roles for assume role credentials by ~/.aws/config.
ref: https://docs.aws.amazon.com/AmazonS3/latest/dev/AuthUsingTempSessionTokenRuby.html
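A pre-flight check for the failure discussed in this thread, as an added example that is not code from the plugin or from any participant: it parses a `<match>` block and flags a temporary (STS-issued, `ASIA`-prefixed) access key that is supplied without its session token. The function names, finding symbols and sample values are assumptions made for illustration.

```ruby
# Added example, not part of fluent-plugin-cloudwatch-logs. Parameter names are
# the ones quoted in this thread; the sample config and key ID are constructed.

# Collect "key value" lines inside <match ...> ... </match> into a Hash.
def parse_match_block(text)
  params = {}
  inside = false
  text.each_line do |raw|
    line = raw.strip
    next if line.empty? || line.start_with?('#')
    if line.start_with?('<match') then inside = true
    elsif line.start_with?('</match>') then inside = false
    elsif inside
      key, value = line.split(/\s+/, 2)
      params[key] = value.to_s
    end
  end
  params
end

# Return symbols describing credential problems for this config and environment.
def credential_findings(params, env = ENV)
  findings = []
  findings << :keys_in_config if params.key?('aws_key_id') || params.key?('aws_sec_key')
  if params['use_aws_sts'] == 'true'
    findings << :sts_without_role_arn if params['aws_sts_role_arn'].to_s.empty?
    return findings
  end
  key_id = params['aws_key_id'] || env['AWS_ACCESS_KEY_ID']
  # STS-issued access key IDs start with "ASIA"; AWS rejects them without their token.
  return findings unless key_id.to_s.start_with?('ASIA')
  if params.key?('aws_key_id')
    findings << :temporary_key_in_config # these two parameters carry no session token
  elsif env['AWS_SESSION_TOKEN'].to_s.empty?
    findings << :temporary_key_without_session_token
  end
  findings
end

# Constructed sample: a temporary key pasted into the config, as in the report.
FAILING_CONF = <<~CONF
  <match a.great.your.tag.***>
    @type cloudwatch_logs
    aws_key_id ASIAEXAMPLEKEYID
    aws_sec_key constructed-secret
  </match>
CONF
p credential_findings(parse_match_block(FAILING_CONF), {}) if __FILE__ == $PROGRAM_NAME
```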
@openshift-poc can we close this issue?
Yes please.
Thank you very much.
On Thu., 18 Feb. 2021, 6:55 pm Kentaro Hayashi, notifications@github.com wrote:
@openshift-poc https://github.com/openshift-poc can we close this issue?
Hi, @openshift-poc was this issue resolved for you?
Problem
While running the Fluentd container with this plugin the output throws below error. CloudWatchLogs::Errors::UnrecognizedClientException: The security token included in the request is invalid. ... Tried to set AWS_SESSION_TOKEN as export AWS_SESSION_TOKEN but does not work. Also tried to set AWS_SESSION_TOKEN within the conf, getting same error.
Steps to replicate
Provide example config and message
Example config is as per the problem. Contains AWS KEY ID and SEC KEY. Unable to pass token as parameter.
CloudWatchLogs::Errors::UnrecognizedClientException: The security token included in the request is invalid.
Expected Behavior or What you need to ask
...
Using Fluentd and CloudWatchLogs plugin versions
1.7.1 Alpine linux fluentd and fluent-plugin-cloudwatch-logs 0.7.4.