You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I am am unable to assume a role all of a sudden from my daemonset/EKS application. The fluentbit application is trying to assume a role in a different account so it can write the logs to a bucket there. I am seeing this error recently without knowing what changed to cause this error. I appreciate any feedback on this.
fluentBitChartVersion=0.46.7
fluentBitImageRepo=fluent/fluent-bit
fluentBitImageTag=2.2.0
fluentBitChartName=fluent-bit
[2024/05/26 19:19:42] [ info] [aws_client] auth error, refreshing creds
[2024/05/26 19:19:42] [error] [aws_credentials] Shared credentials file /root/.aws/credentials does not exist
[2024/05/26 19:19:42] [error] [aws_credentials] STS assume role request failed
[2024/05/26 19:19:42] [ warn] [aws_credentials] No cached credentials are available and a credential refresh is already in progress. The current co-routine will retry.
[2024/05/26 19:19:42] [error] [signv4] Provider returned no credentials, service=s3
[2024/05/26 19:19:42] [error] [aws_client] could not sign request
[2024/05/26 19:19:42] [error] [aws_credentials] STS assume role request failed
The text was updated successfully, but these errors were encountered:
@PettitWesley I am seeing the same issue as this one (Fluent Bit 1.6 - ES Plugin: Failed to source credential on Amazon EKS IAM Roles for Service Account #2714). Could the bug have been re-introduced?
I am able to send to S3, but not able to assume the role.
Here is another snippet of debug outputs
[2024/05/26 20:19:48] [debug] [upstream] KA connection #77 to s3.us-east-2.amazonaws.com:443 has been assigned (recycled)
[2024/05/26 20:19:48] [debug] [http_client] not using http_proxy for header
[2024/05/26 20:19:48] [debug] [aws_credentials] Requesting credentials from the STS provider..
[2024/05/26 20:19:48] [debug] [aws_credentials] STS Provider: Refreshing credential cache.
[2024/05/26 20:19:48] [debug] [aws_credentials] Calling STS..
[2024/05/26 20:19:48] [debug] [upstream] KA connection #343 to sts.us-east-2.amazonaws.com:443 has been assigned (recycled)
[2024/05/26 20:19:48] [debug] [http_client] not using http_proxy for header
[2024/05/26 20:19:48] [debug] [aws_credentials] Requesting credentials from the EKS provider..
[2024/05/26 20:19:48] [debug] [task] destroy task=0x7fd750366f00 (task_id=0)
[2024/05/26 20:19:48] [debug] [task] created task=0x7fd750366f00 id=0 without routes, dropping.
[2024/05/26 20:19:48] [debug] [task] destroy task=0x7fd750366f00 (task_id=0)
[2024/05/26 20:19:48] [debug] [task] created task=0x7fd750366f00 id=0 without routes, dropping.
[2024/05/26 20:19:48] [debug] [task] destroy task=0x7fd750366f00 (task_id=0)
[2024/05/26 20:19:48] [debug] [aws_client] sts.us-east-2.amazonaws.com: http_do=0, HTTP Status: 403
[2024/05/26 20:19:48] [debug] [upstream] KA connection #343 to sts.us-east-2.amazonaws.com:443 is now available
[2024/05/26 20:19:48] [debug] [aws_client] Unable to parse API response- response is not valid JSON.
[2024/05/26 20:19:48] [debug] [aws_credentials] STS raw response:
I am am unable to assume a role all of a sudden from my daemonset/EKS application. The fluentbit application is trying to assume a role in a different account so it can write the logs to a bucket there. I am seeing this error recently without knowing what changed to cause this error. I appreciate any feedback on this.
fluentBitChartVersion=0.46.7
fluentBitImageRepo=fluent/fluent-bit
fluentBitImageTag=2.2.0
fluentBitChartName=fluent-bit
My output:
The error from logs with debug on:
The text was updated successfully, but these errors were encountered: