amazon-kinesis-agent

Agent can't send data to VPC endpoint for Kinesis Data Firehose

Open rkosyk-newfire opened this issue 5 years ago • 4 comments

I have the latest version of aws-kinesis-agent installed on Amazon Linux 1, and it can successfully send data to the default public Firehose endpoint:

"firehose.endpoint": "firehose.us-east-1.amazonaws.com"

But if I try to send data to my VPC endpoint for Kinesis Data Firehose:

"firehose.endpoint": "vpce-0ee422b7e0f2d75a5-c47g84kf.firehose.us-east-1.vpce.amazonaws.com"

it fails with the error:

[ERROR] AsyncPublisher[fh:emr_delivery_stream:/tmp/app.log*]:RecordBuffer(id=2,records=1,bytes=4) Retriable send error (com.amazonaws.services.kinesisfirehose.model.AmazonKinesisFirehoseException: Credential should be scoped to a valid region, not 'vpce'. (Service: AmazonKinesisFirehose; Status Code: 400; Error Code: InvalidSignatureException; Credential should be scoped to a valid region, not 'vpce'

Has anyone dealt with this situation before? Looking to hear about some solutions.

rkosyk-newfire avatar Jan 11 '20 11:01 rkosyk-newfire

Any workarounds?

thesunmin avatar Dec 12 '20 13:12 thesunmin

@thesunmin As a temporary solution, I have added one record to the file /etc/hosts:

192.168.255.191 firehose.us-east-1.amazonaws.com

Now the public endpoint firehose.us-east-1.amazonaws.com locally points to my VPC endpoint IP 192.168.255.191, and it works.

rkosyk-newfire avatar Dec 14 '20 11:12 rkosyk-newfire

@rkosyk-newfire Thank you!!

thesunmin avatar Dec 24 '20 05:12 thesunmin

See Commit a44e373f5b0a7470522188b92d65cf7d050ca904

They recently just merged a fix that allows you to pass region when using a private custom DNS endpoint.

tall3n avatar Jan 15 '21 04:01 tall3n
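Why the request is rejected, as an added example that is not part of the thread or the agent's code: a simplified model of inferring the SigV4 signing region from the endpoint hostname, which yields 'vpce' for the VPC endpoint name quoted in the issue, next to a variant that skips the vpce label or takes an explicit region. The function names and the inference heuristic are assumptions chosen to match the error text; the scope layout (date/region/service/aws4_request) is the standard SigV4 credential scope.

```python
import datetime

# Hostnames as quoted in the issue above.
PUBLIC = "firehose.us-east-1.amazonaws.com"
VPCE = "vpce-0ee422b7e0f2d75a5-c47g84kf.firehose.us-east-1.vpce.amazonaws.com"


def _labels(host):
    """Split an AWS endpoint hostname into DNS labels, rejecting other names."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) < 4 or labels[-2:] != ["amazonaws", "com"]:
        raise ValueError(f"not an AWS endpoint name: {host}")
    return labels


def naive_region(host):
    """Hypothetical heuristic: the label just before 'amazonaws.com'."""
    return _labels(host)[-3]


def vpce_aware_region(host):
    """Same heuristic, but step over the 'vpce' label of interface endpoints."""
    labels = _labels(host)
    if labels[-3] == "vpce":
        if len(labels) < 6:
            raise ValueError(f"malformed VPC endpoint name: {host}")
        return labels[-4]
    return labels[-3]


def credential_scope(date, region, service="firehose"):
    """SigV4 credential scope: <yyyymmdd>/<region>/<service>/aws4_request."""
    return f"{date:%Y%m%d}/{region}/{service}/aws4_request"


def scope_for(host, date, region=None, infer=vpce_aware_region):
    """Prefer an explicitly configured region; infer from the host otherwise."""
    return credential_scope(date, region or infer(host))


if __name__ == "__main__":
    day = datetime.date(2020, 1, 11)  # constructed signing date
    print("naive, VPC endpoint :", scope_for(VPCE, day, infer=naive_region))
    print("vpce-aware          :", scope_for(VPCE, day))
    print("explicit region     :", scope_for(VPCE, day, region="us-east-1"))
```

The /etc/hosts workaround succeeds for the same reason: the agent keeps signing for the public hostname, so the scope carries us-east-1 while the traffic goes to the endpoint's private IP.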