AWS Cloudwatch Input Credentials #1078
Comments
|
In fact, the default credential chain should just be used - https://github.com/aws/aws-sdk-go/blob/master/aws/defaults/defaults.go#L84 |
|
I agree we should just use the default, I will change that, thanks for the report |
sparrc
added a commit
that referenced
this issue
Apr 22, 2016
sparrc
added a commit
that referenced
this issue
Apr 22, 2016
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The credential chain being used for the AWS Cloudwatch input will cause issues for people when deploying on a EC2 instance.
Specifically, having the EC2RoleProvider be the first provide in the chain (https://github.com/influxdata/telegraf/blob/master/plugins/inputs/cloudwatch/cloudwatch.go#L159) will force the credentials always use the IAM role when on EC2 with no ability to override the credentials by using the environment variables.
The Ec2RoleProvider should be the last role in the chain. This way, you simply do not provide the envvars and it will fall through to the IAM profile, but you can override it by supplying the proper environment variables.
The text was updated successfully, but these errors were encountered: