-
Notifications
You must be signed in to change notification settings - Fork 5.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Output Cloudwatch Logs not using Region #11963
Comments
Hi, What are you using for credentials to log in to AWS? The typical config stanza includes the following options: ## Amazon Credentials
## Credentials are loaded in the following order
## 1) Web identity provider credentials via STS if role_arn and
## web_identity_token_file are specified
## 2) Assumed credentials via STS if role_arn is specified
## 3) explicit credentials from 'access_key' and 'secret_key'
## 4) shared profile from 'profile'
## 5) environment variables
## 6) shared credentials file
## 7) EC2 Instance Profile
# access_key = ""
# secret_key = ""
# token = ""
# role_arn = ""
# web_identity_token_file = ""
# role_session_name = ""
# profile = ""
# shared_credential_file = "" Are you certain whatever credentials you are using also have access to that region? Thanks! |
Hello! I am closing this issue due to inactivity. I hope you were able to resolve your problem, if not please try posting this question in our Community Slack or Community Page. Thank you! |
@alec-medcrypt did you solve this? having the same issue. I am using these options:
The very same config is working on my local desktop, but not working on IoT arm device. Exactly the same behaviour as you described. On my local desktop I have the AWS CLI, on the IoT device I don't have it. |
Hmm, I figure it out. Even tho I have correctly setup the aws region in the config file via |
Can we re-open this issue please? agree with @starek4 - unless i'm missing something else, I also found out that setting up the If it is required to set the env variable then that defeats purpose of having the |
Can you find what the last working version of telegraf was so we can look at what changed? Looking at the AWS credentials.go, we set the region based on the value in the toml if no RoleARN was set. |
I'm using the latest version and I'm using profile credentials. Not sure about @starek4 - what credentials method you using? The error we're seeing appears to be from the go aws sdk:
However, irrespective i had a look at the lines of code you referenced. Tbh, I don't really understand Go and no proficient in it but doesn't the following code reads "try load options into options variable and if error, execute ... which if my reading of the code is correct then means the region will never get set assuming load options is successful.
Shouldn't it be something like this instead?
|
I am using the access key and secret key combination. And also the latest version, just the version for armhf (arm32v7). |
No, this is a common pattern. Essentially the client (telegraf) builds an array of options, like connection time outs, credentials to load, etc. and passes that entire array of options to the connect call. Then in this case the AWS library will load all those options, set up the necessary settings and then connect. You can see examples of this in the AWS SDK for Go v2 Configuration page. There they explain that we can set the region in one of two ways, either how we are with On Monday, I'll build a custom version of telegraf and we can see what your platforms are reporting. |
|
@colinbut - is Can you show the same example but with the AWS region set via the environment? |
Yes i'm using Here's the log with region set as env var:
*note i've masked certain data to preserve my company's ip but the logs clearly show it can connect to the outputs.cloudwatch_logs output plugin. |
I'm thinking this is worth an upstream issue then. Both scenarios appear to load a config using the correct region and you appear to have permissions for the region. Nothing appears to be obviously wrong when we make the request. Can you file an issue at the upstream issue: https://github.com/aws/aws-sdk-go-v2/issues |
I can certainly try... Agree, it appears to be the go aws sdk could be the problem if the code what you say is as what you expect. Have raised issue on aws-sdk-go-v2 - aws/aws-sdk-go-v2#2260 |
for anyone encountering this problem also, the workaround for time being is to simply invoke telegraf by supplying the AWS Region as env var, e.g.
Alternatively, if managing this via systemd, can edit the default service file: e.g.
|
Thanks for raising the issue with them. I have responded on the thread as well. |
i now get a different error:
|
Two questions as I'm not sure I follow the limited logs:
|
just like last time, it is one single run. I'm running the telegraf within EC2 instance that has a docker container running inside it. Therefore, I'm using the My telegraf config:
|
@powersj Hi, just wondering whether there is any update regarding this matter since it's been nearly 6 months lapsed. I can see the last activity is your commit of adding debug logs? to an open branch of yours ? |
Hi, I have no update as I have not looked into this further. There was a branch that you were testing to help me try to understand what was going on, but I am not sure anything was learned from that. Additionally, when we asked upstream for help their opinion was for us to use a debugger. Which means the next steps are either I or someone else will need to somehow reproduce this and walk through what may or may not be going on. There is a workaround via the environment variable, which is nice, but I understand it is not ideal. I can add this back to my list as I did forget about it, but it could be faster if someone with more knowledge of AWS tried to as well. |
I have a telegraf config setup on a node without the AWS CLI installed. Below is the config:
`# Generic, basic /usr/local/etc/telegraf.conf file for FreeBSD
Gathers some basic metrics and transmits them to cloudwatch
Be sure to set the region below
[agent]
interval = "10s"
round_interval = true
metric_batch_size = 1000
metric_buffer_limit = 10000
collection_jitter = "0s"
flush_interval = "10s"
flush_jitter = "0s"
precision = ""
debug = false
quiet = false
logfile = "/var/log/telegraf/telegraf.log"
hostname = ""
omit_hostname = false
[[processors.aws_ec2]]
imds_tags = ["instanceId"]
[[inputs.tail]]
name_override = "app_logs"
files = ["/var/log/app/*.log"]
data_format = "grok"
grok_patterns = ['%{GREEDYDATA:message}']
[[outputs.cloudwatch_logs]]
region = "us-east-2"
log_group = "/namespace/env/app"
log_stream = "tag:instanceId"
log_data_metric_name = "app_logs"
log_data_source = "field:message"`
I am getting the following errors:
2022-10-07T17:16:36Z E! [telegraf] Error running agent: connecting output outputs.cloudwatch_logs: Error connecting to output "outputs.cloudwatch_logs": operation error CloudWatch Logs: DescribeLogGroups, failed to resolve service endpoint, an AWS region is required, but was not found 2022-10-07T17:16:37Z E! [agent] Failed to connect to [outputs.cloudwatch_logs], retrying in 15s, error was 'operation error CloudWatch Logs: DescribeLogGroups, failed to resolve service endpoint, an AWS region is required, but was not found'
The text was updated successfully, but these errors were encountered: