Comments (6)
blablabla42
commented on July 4, 2024
I confirmed with following diff that using the default credentials provider exhibited the expected behaviour.
diff --git a/util/awsutil/amazon.go b/util/awsutil/amazon.go
index 5bf6f68..aa60c46 100644
--- a/util/awsutil/amazon.go
+++ b/util/awsutil/amazon.go
@@ -2,25 +2,12 @@ package awsutil
import (
"github.com/aws/aws-sdk-go/aws"
- "github.com/aws/aws-sdk-go/aws/credentials"
- "github.com/aws/aws-sdk-go/aws/credentials/ec2rolecreds"
- "github.com/aws/aws-sdk-go/aws/ec2metadata"
"github.com/aws/aws-sdk-go/aws/session"
"github.com/pganalyze/collector/config"
)
func GetAwsSession(config config.ServerConfig) *session.Session {
- var creds *credentials.Credentials
-
- if config.AwsAccessKeyID != "" {
- creds = credentials.NewStaticCredentials(config.AwsAccessKeyID, config.AwsSecretAccessKey, "")
- } else {
- creds = credentials.NewCredentials(&ec2rolecreds.EC2RoleProvider{
- Client: ec2metadata.New(session.New()),
- })
- }
-
- return session.New(&aws.Config{Credentials: creds, Region: aws.String(config.AwsRegion)})
+ return session.New(&aws.Config{Region: aws.String(config.AwsRegion)})
}from collector.
lfittl
commented on July 4, 2024
Hi @blablabla42 - So just to confirm, you would then want to place the AWS credentials in the home directory of the pganalyze user?
(in the typical package-based setup there would be a dedicated pganalyze user)
I'm okay with supporting the config file here, however we'd need to maintain compatibility with specifying the access key in the config variables (i.e. not remove that logic altogether)
from collector.
blablabla42
commented on July 4, 2024
So just to confirm, you would then want to place the AWS credentials in the home directory of the pganalyze user?
Yeap, that's correct.
I'm okay with supporting the config file here, however we'd need to maintain compatibility with specifying the access key in the config variables (i.e. not remove that logic altogether)
Correct, the diff above doesn't address that. I think it's doable by modifying the default credentials chain to add the newStaticCredentials instead of overwriting the credentials chain.
from collector.
mgood
commented on July 4, 2024
It looks like if you just delete the else block it will leave cred = nil, which should have the intended effect.
Can you please also update the vendored SDK to support the latest credential chain? We're running the collector on ECS, so this would allow it to pick up the task role automatically.
from collector.
mgood
commented on July 4, 2024
To clarify, using the default credential chain would not only allow using ~/.aws/credentials, but also other standard ways the AWS SDK detects the credentials, including the EC2 and ECS metadata (which have different endpoints), and other mechanisms AWS may add in the future. So, this would be an extremely useful update.
from collector.
lfittl
commented on July 4, 2024
@mgood @blablabla42 Committed that change to master in 199630b and 3b9a829 - will make a new release soon that includes that.
Thanks for your input on this!
from collector.
Related Issues (20)
- Documentation/support for Google Cloud SQL Auth Proxy or Connector HOT 2
- Update collector README to reference pg_monitor role for setup instructions HOT 3
- Handle read-only filesystem gracefully HOT 1
- Make IdentifierMap cache TTL configurable HOT 3
- Could not collect activity for server HOT 8
- Unable to DB_USE_IAM_AUTH with aws RDS instance HOT 4
- Error calling pg_stat_statements_reset() as requested intermittently HOT 2
- Regular collector oom-kill at midnight UTC on Sundays HOT 1
- Publish Docker image to ECR public registry HOT 1
- Error to send snapshots HOT 2
- Upgrade go.uuid module HOT 3
- Missing image for v0.50.1 HOT 2
- Additional security settings for pganalyze collector HOT 3
- Add rudimentary test suite for Helm chart
- Debian build uses EOL version HOT 1
- Error: Failed to reload collector HOT 1
- OTEL connector - can it support Datadog APM traces for PostgreSQL HOT 1
- OTEL connector - can it support Datadog?
- Feature request: Add DB_PASSWORD_FILE or similar HOT 1
- Regarding SSO login HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from collector.