Adding AWS Key & Secret to fluentd s3 plugin #1709
Draft
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
The current
fluentd.s3.role_arn
andfluentd.s3.role_session_name
config values (which uses<assume_role_credentials>
in the s3 log store) is only possible with Astronomer running in AWS since only something running in AWS can assume an AWS IAM role. If Astronomer is not running in AWS these new config valuesaws_key_id
andaws_sec_key
will allow the option of using AWS Key & Secret of an IAM User instead.See https://github.com/fluent/fluent-plugin-s3/blob/master/docs/credentials.md for fluentd s3 plugin's documentation example of using
aws_key_id
andaws_sec_key
in the plugin.Related Issues
None
Testing
To test use the following fluentd config with
aws_key_id
andaws_sec_key
in place ofrole_arn
androle_session_name
:FYI, in an Astronomer deployment in Azure I have been successfully been using the config value
fluentd.extraLogStores
to use a custom s3 log store that has withaws_key_id
andaws_sec_key
in place of the<assume_role_credentials>
section like so and it successfully saves log files in the S3 bucket (I did it this way because I did not quite know how to deploy a customized Astronomer chart into my Azure AKS cluster. Once this PR's change is released I will use that instead):Merging
Do not merge this PR until it lists which release branches this PR should be merged / cherry-picked into.