Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support for AWS Profiles != "default" #140

Open
dougheitkamp opened this issue Dec 2, 2019 · 4 comments
Open

Support for AWS Profiles != "default" #140

dougheitkamp opened this issue Dec 2, 2019 · 4 comments
Labels
enhancement

Comments

@dougheitkamp
Copy link

dougheitkamp commented Dec 2, 2019
edited
Loading

It looks like manticore_adapter.rb on lines 43 and 44 pull AWS credentials using options that come from http_client.rb (lines 262-293). Nowhere in here can the AWS_PROFILE be set to anything other than "default". I need to be able to specify which AWS profile should be used. My particular use case uses the same profile for all amazon_es outputs. Ideally the profile should be:
1.) the value of a new option, aws_profile, if provided.
2.) the AWS_PROFILE environment variable value, if set and (1) is not provided.
3.) "default", if (1) and (2) are not available.

If nothing else, getting option 2 (and 3) to work makes this plugin consistent with the SQS input plugin.

BTW, the error for this is pretty poor. You get this error...

undefined method `credentials' for nil:NilClass

... which look exactly like #126

It took a long time to figure out what was really happening here. If there is a way to provide the profile and I missed it, please let me know. My ruby is not good, so I'd rather not attempt the fix on this.
@AustinTag
Copy link
Contributor

You can provide static credentials to the plugin, does this not work for your use case?

@dougheitkamp
Copy link
Author

dougheitkamp commented Jan 31, 2020
edited
Loading

Our credentials expire every hour, so while it's possible to use "static" credentials, using this approach is a horrible experience.

Our development teams have access to multiple AWS accounts and we keep simultaneous credentials active. The AWS command line arguments and the AWS programming APIs can all accommodate this multi-account setup by allowing us to set the AWS_PROFILE environment variable or by providing the profile directly (via options like --profile on the aws command line). The SQS input plugin for Logstash is also sensitive the AWS_PROFILE setting. The amazon_es output plugin is not.

Our work-around for this has been to have our devs label the account that they need to do amazon_es work in as "default" in their credentials file. We really frown upon doing this though as it becomes very easy to execute the wrong aws command in the wrong environment when "default" is set. When it's not set, commands will error out, forcing the developer to correct the mistake and explicitly set the intended profile.

More background:
Our production and staging environments don't have this issue, as they are deployed Fargate tasks, but all of our development happens on local docker containers. It's during this development that we have our issues.

@AustinTag
Copy link
Contributor

I see. This feature makes sense. We are prioritizing a few bug fixes before adding new features, but we will update this issue when we have bandwidth for this task.

@dougheitkamp
Copy link
Author

Thank you.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@dougheitkamp @AustinTag