Out_cloudwatch_logs does not use Fargate execution role

[Till--H]

Problem

I tried to use the plugin to write to CloudWatch (from Fargate), assuming the execution role would be used to write the logs (i.e., did not provide additional authentication details). This gave me an error

error_class=Aws::Errors::MissingCredentialsError error="unable to sign request without credentials set"

The error was gone when I created a user and explicitly passed in its auth details, everything worked as expected.

Expected Behavior or What you need to ask

Fargate execution role is used to have better security control.

Using Fluentd and CloudWatchLogs plugin versions

fluentd 1.7.4

async (1.23.0)
async-http (0.46.3)
async-io (1.27.0)
aws-eventstream (1.0.3)
aws-partitions (1.230.0)
aws-sdk-cloudwatchlogs (1.26.0)
aws-sdk-core (3.72.0)
aws-sigv4 (1.1.0)
bigdecimal (1.3.5)
cmath (default: 1.0.0)
concurrent-ruby (1.1.5)
console (1.5.0)
cool.io (1.5.4)
csv (default: 1.0.0)
date (default: 1.0.0)
dig_rb (1.0.1)
etc (default: 1.0.0)
fcntl (default: 1.0.0)
fileutils (default: 1.0.2)
fluent-plugin-cloudwatch-logs (0.7.4)
fluent-plugin-concat (2.4.0)
fluentd (1.7.4)
http_parser.rb (0.6.0)
ipaddr (default: 1.2.0)
jmespath (1.4.0)
json (2.2.0)
msgpack (1.3.1)
nio4r (2.5.2)
oj (3.3.10)
openssl (default: 2.1.2)
protocol-hpack (1.4.1)
protocol-http (0.8.1)
protocol-http1 (0.8.3)
protocol-http2 (0.9.7)
psych (default: 3.0.2)
scanf (default: 1.0.0)
serverengine (2.1.1)
sigdump (0.2.4)
stringio (default: 0.0.1)
strptime (0.2.3)
strscan (default: 1.0.0)
timers (4.3.0)
tzinfo (2.0.0)
tzinfo-data (1.2019.3)
webrick (default: 1.4.2)
yajl-ruby (1.4.1)
zlib (default: 1.0.0)

[Till--H]

My bad, task role was used instead of execution role. Adding a task role also fixed the problem, so no issue here.