You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This one is difficult to reproduce, but the issue can be summarised in this screenshot:
In short, using the default credentials provider seems to be brittle - even though the ECS endpoint env variable is present, for some reason getting credentials through that fails, and the error that bubbles up is for the credentials file.
My hunch is that actual source of the error is timeouts (e.g. during task start up, 1 second might not be enough) and lack of retries. My current workaround is to manually create a provider with desired logic:
defawsEnvironment(
httpClient: org.http4s.client.Client[IO]
):Resource[IO, AwsEnvironment[IO]] =
std
.Env[IO]
.get("AWS_CONTAINER_CREDENTIALS_RELATIVE_URI")
.toResource
.flatMap:caseNone=>AwsEnvironment.default[IO](httpClient, AWS_REGION)
// Below is a hack to work around a bug in credentials loading// chain in smithy4s - we manually prioritise ECS credentialscaseSome(_) =>valprovider=newAwsCredentialsProvider[IO]
provider
.refreshing(
provider
.fromECS(httpClient, 10.second)
.onError(exc =>
scribe.cats.io
.error("Failed to get credentials from ECS endpoint", exc)
)
)
.map: cred =>AwsEnvironment.make(
httpClient,
IO.pure(AWS_REGION),
cred,
IO.realTime.map(_.toSeconds).map(Timestamp(_, 0))
)
But I think this whole credentials chain thing should be redesigned to support
Enabling/disabling providers
Retries for network-based providers
Error accumulation
Per-provider error summary when everything fails
The text was updated successfully, but these errors were encountered:
(follow up from DM with @Baccata)
This one is difficult to reproduce, but the issue can be summarised in this screenshot:
In short, using the default credentials provider seems to be brittle - even though the ECS endpoint env variable is present, for some reason getting credentials through that fails, and the error that bubbles up is for the credentials file.
My hunch is that actual source of the error is timeouts (e.g. during task start up, 1 second might not be enough) and lack of retries. My current workaround is to manually create a provider with desired logic:
But I think this whole credentials chain thing should be redesigned to support
The text was updated successfully, but these errors were encountered: