Skip to content

fix(auth): #22827 missing region error when using AWS credentials file auth #22831

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
pront merged 1 commit into from
Apr 8, 2025
Merged

fix(auth): #22827 missing region error when using AWS credentials file auth #22831

pront merged 1 commit into from
Apr 8, 2025

Conversation

@cahartma
Copy link
Contributor

@cahartma cahartma commented Apr 8, 2025

Summary

Resolves newly created bug #22827, adding region to the credentials_file authentication method for aws services.

Before this fix, when using auth.credentials_file, and the file contained role_arn, and web_identity_token keys, the resulting sts calls produced a "Invalid Configuration" error in the log, and prevented the cloudwatch logs sink from authenticating. This fix adds 'auth.region' to the valid spec, and sets the value to the service_region if not provided.

Change Type

  • Bug fix
  • New feature
  • Non-functional (chore, refactoring, docs)
  • Performance

Is this a breaking change?

  • Yes
  • No

How did you test this PR?

[sinks.output_my_cw]
type = "aws_cloudwatch_logs"
inputs = ["in"]
region = "us-east-2"
group_name = "group-test"
stream_name = "my-stream"
auth.credentials_file = "/root/.aws/credentials"
#auth.profile = "default"
encoding.codec = "json"

--------------------------
#Sample aws credentials file:
[default]
web_identity_token_file=/var/run/secrets/serviceaccount/token
role_arn=arn:aws:iam::123456789012:role/logging-role-for-sts

Does this PR include user facing changes?

  • Yes. Please add a changelog fragment based on our guidelines.
  • No. A maintainer will apply the "no-changelog" label to this PR.

Checklist

  • Please read our Vector contributor resources.
  • If this PR introduces changes Vector dependencies (modifies Cargo.lock), please
    run dd-rust-license-tool write to regenerate the license inventory and commit the changes (if any). More details here.

References

@cahartma cahartma requested a review from a team as a code owner April 8, 2025 15:06
@bits-bot
Copy link

bits-bot commented Apr 8, 2025
edited
Loading

CLA assistant check
All committers have signed the CLA.

@cahartma cahartma mentioned this pull request Apr 7, 2025
Closed
pront
pront approved these changes Apr 8, 2025
View reviewed changes
Copy link
Member

@pront pront left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi @cahartma, thank you for the fix!

Please run generate-component-docs

@cahartma
Copy link
Contributor Author

cahartma commented Apr 8, 2025

Hey @pront, I've run make generate-component-docs as well as make docs with no changes.

@pront
Copy link
Member

pront commented Apr 8, 2025

Hey @pront, I've run make generate-component-docs as well as make docs with no changes.

Oh I see. I was expecting changes but region already exists in another variant and (unfortunately) the AwsAuthentication is marked as untagged.

There are a few checks that are failing. We need a changelog and fmt.

@cahartma cahartma mentioned this pull request Apr 8, 2025
Merged
@cahartma cahartma force-pushed the fix-aws-auth-missing-region branch from c76a12f to 96278f3 Compare April 8, 2025 17:31
pront
pront reviewed Apr 8, 2025
View reviewed changes
@pront pront enabled auto-merge April 8, 2025 18:17
auto-merge was automatically disabled April 8, 2025 20:11

Head branch was pushed to by a user without write access

@cahartma cahartma force-pushed the fix-aws-auth-missing-region branch from f16d470 to 22c0093 Compare April 8, 2025 20:11
@pront pront enabled auto-merge April 8, 2025 20:19
@pront pront added this pull request to the merge queue Apr 8, 2025
Merged via the queue into vectordotdev:master with commit 1de7e9d Apr 8, 2025
56 checks passed
pront pushed a commit to gllb/vector that referenced this pull request Apr 22, 2025
@cahartma @pront
fix(auth): vectordotdev#22827 missing region error when using AWS cre…
3320805 
…dentials file auth (vectordotdev#22831)

fix missing region when using aws credentials file auth
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@pront pront pront approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

AWS Cloudwatch sink missing region error when role_arn is used with Credentials File Authentication

3 participants

@cahartma @bits-bot @pront