
CW Agent does not appear to acknowledge AWS_CONTAINER_CREDENTIALS_RELATIVE_URI

Open kory opened this issue 2 years ago • 3 comments

We're trying to get an AWS Cloudwatch Agent running in our Ubuntu docker container running on ECS.

In my env on ECS, AWS_CONTAINER_CREDENTIALS_RELATIVE_URI is set, and other processes are using it successfully. I do not have a credential file. Per the default credential provider chain, AWS_CONTAINER_CREDENTIALS_RELATIVE_URI should be read periodically for the correct CloudWatch access credentials.

Instead, when I run `/opt/aws/amazon-cloudwatch-agent/bin/start-amazon-cloudwatch-agent`, I see `will use file based credentials provider`. The agent proceeds to exclusively try to read a credentials file rather than reading the env URL above.

Is there some setting I am missing, or does CW Agent not read the above environment variable? If it does not, could it be updated to read these credentials per the above link?

It looks like a similar question was asked in https://github.com/aws/amazon-cloudwatch-agent/issues/140, but it appears to have been closed without acknowledging support for the above method to retrieve credentials. Is the above credential flow not supported? Hoping to get clarity here.

Thank you!

kory avatar Aug 22 '22 22:08 kory
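An added diagnostic, not code from the thread participants or from the amazon-cloudwatch-agent project, for checking inside the task container which source a default-chain SDK client would pick and whether the ECS credential endpoint answers. The function names are hypothetical, the provider order is an approximation of the SDK default chain (environment keys, shared file, container endpoint, instance metadata), and it does not model the agent's own mode detection.

```shell
#!/bin/sh
# Added diagnostic (hypothetical helper names). Run inside the ECS task container.

# Fixed link-local address of the ECS task credential endpoint (AWS-documented).
ECS_CRED_HOST="http://169.254.170.2"

# Print the source a default-chain SDK client would select, approximated by
# checking in order: env keys, shared credentials file, container endpoint, IMDS.
cred_source() {
    if [ -n "${AWS_ACCESS_KEY_ID:-}" ] && [ -n "${AWS_SECRET_ACCESS_KEY:-}" ]; then
        echo "environment"
    elif [ -f "${AWS_SHARED_CREDENTIALS_FILE:-${HOME:-}/.aws/credentials}" ]; then
        echo "shared-file"
    elif [ -n "${AWS_CONTAINER_CREDENTIALS_RELATIVE_URI:-}" ]; then
        echo "ecs-container"
    else
        echo "ec2-imds"
    fi
}

# Build the endpoint URL. Only an absolute path is accepted, so a tampered
# value such as "@host/x" cannot turn the fixed address into URL userinfo
# and send the request to a different host.
container_cred_url() {
    case "${AWS_CONTAINER_CREDENTIALS_RELATIVE_URI:-}" in
        /*) printf '%s%s\n' "$ECS_CRED_HOST" "$AWS_CONTAINER_CREDENTIALS_RELATIVE_URI" ;;
        *)  return 1 ;;
    esac
}

# Query the endpoint and report only non-secret fields; the access key,
# secret key and session token are never printed.
check_container_creds() {
    url=$(container_cred_url) || { echo "relative URI unset or malformed" >&2; return 1; }
    body=$(curl -fsS --max-time 2 "$url") || { echo "endpoint unreachable: $url" >&2; return 1; }
    printf '%s' "$body" | tr ',' '\n' | grep -E '"(RoleArn|Expiration)"'
}
```

Source the file in the container, then run `cred_source` followed by `check_container_creds`; a result of `ecs-container` with a reachable endpoint means the task role is available to any client that follows the default chain.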

How are you getting the agent on the container? Are you using your own Dockerfile to get the agent and install/run it?

SaxyPandaBear avatar Aug 25 '22 12:08 SaxyPandaBear

I'm using my own dockerfile to install the agent:

```dockerfile
# Cloudwatch agent
RUN wget https://s3.amazonaws.com/amazoncloudwatch-agent/ubuntu/amd64/latest/amazon-cloudwatch-agent.deb
RUN apt install ./amazon-cloudwatch-agent.deb
RUN rm amazon-cloudwatch-agent.deb
```

I actually seem to be hitting this issue: https://github.com/aws/amazon-cloudwatch-agent/issues/118. If I force the CW agent to act like it's running on EC2 with the env variable discussed in that issue, the agent seems to pick up the environment successfully. But by default on ECS Fargate, it does not pick up my environment and acts like I'm running on-prem.

kory avatar Aug 25 '22 15:08 kory

Why do you not run in ecs fargate with our samples?

sethAmazon avatar Sep 27 '22 21:09 sethAmazon

This issue was marked stale due to lack of activity.

github-actions[bot] avatar Dec 29 '22 00:12 github-actions[bot]

Closing this because it has stalled. Feel free to reopen if this issue is still relevant, or to ping the collaborator who labeled it stalled if you have any questions.

github-actions[bot] avatar Jan 29 '23 00:01 github-actions[bot]