Skip to content

chore(aws provider, external_docs): Update the AWS authentication documentation #18492

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
jszwedko merged 2 commits into from
Sep 8, 2023
Merged

chore(aws provider, external_docs): Update the AWS authentication documentation #18492

Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
d8fb18a
chore(aws provider, external_docs): Update the AWS authentication doc…
jszwedko Sep 6, 2023
e555493
Update website/cue/reference/components/aws.cue
jszwedko Sep 6, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
24 changes: 17 additions & 7 deletions website/cue/reference/components/aws.cue
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -196,16 +196,26 @@ components: _aws: {
body: """
Vector checks for AWS credentials in the following order:

1. The [`auth.access_key_id`](#auth.access_key_id) and [`auth.secret_access_key`](#auth.secret_access_key) options.
2. The [`AWS_ACCESS_KEY_ID`](#auth.access_key_id) and [`AWS_SECRET_ACCESS_KEY`](#auth.secret_access_key) environment variables.
3. The [AWS credentials file](\(urls.aws_credentials_file)) (usually located at `~/.aws/credentials`).
4. The [IAM instance profile](\(urls.iam_instance_profile)) (only works if running on an EC2 instance
1. The [`auth.access_key_id`](#auth.access_key_id) and
[`auth.secret_access_key`](#auth.secret_access_key) options.
2. The [`AWS_ACCESS_KEY_ID`](#auth.access_key_id) and
[`AWS_SECRET_ACCESS_KEY`](#auth.secret_access_key) environment variables.
3. In [Web Identity
Token](https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRoleWithWebIdentity.html)
credentials from the environment or container (including EKS). These credentials
will automatically refresh when expired.
4. [ECS credentials (IAM roles for
tasks)](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-iam-roles.html).
These credentials will automatically refresh when expired.
5. As entries in the credentials file in the `.aws` directory in your home directory
(`~/.aws/credentials` on Linux, OS X, and Unix; `%userprofile%\\.aws\\credentials`
on Microsoft Windows).
6. Using a named profile specified in the credentials file via the AWS_PROFILE environment variable.
7. The [IAM instance profile](\(urls.iam_instance_profile)) (only works if running on an EC2 instance
with an instance profile/role). Requires IMDSv2 to be enabled. For EKS, you may need to increase the
metadata token response hop limit to 2.
metadata token response hop limit to 2. These credentials will automatically refresh when expired.

If no credentials are found, Vector's health check fails and an error is [logged](\(urls.vector_monitoring)).
If your AWS credentials expire, Vector will automatically search for up-to-date
credentials in the places (and order) described above.
"""
sub_sections: [
{
Expand Down