[Bug] Fixed SigV4 Signer not Automatically Injecting Security Token Header (#186)

liustve · web-flow · commit 962d36f813a6 · 2025-03-18T13:19:26.000-07:00
diff --git a/src/AWS.Distro.OpenTelemetry.AutoInstrumentation/OtlpAwsSpanExporter/OtlpAwsSpanExporter.cs b/src/AWS.Distro.OpenTelemetry.AutoInstrumentation/OtlpAwsSpanExporter/OtlpAwsSpanExporter.cs
@@ -174,13 +174,9 @@ private async Task<IRequest> GetSignedSigV4Request(byte[] content)
             HttpMethod = "POST",
             ContentStream = new MemoryStream(content),
             Endpoint = this.endpoint,
+            SignatureVersion = SignatureVersion.SigV4,
         };
 
-        request.Headers.Add("Host", this.endpoint.Host);
-        request.Headers.Add("content-type", ContentType);
-
-        ImmutableCredentials credentials = await this.authenticator.GetCredentialsAsync();
-
         AmazonXRayConfig config = new AmazonXRayConfig()
         {
             AuthenticationRegion = this.region,
@@ -189,6 +185,18 @@ private async Task<IRequest> GetSignedSigV4Request(byte[] content)
             RegionEndpoint = RegionEndpoint.GetBySystemName(this.region),
         };
 
+        ImmutableCredentials credentials = await this.authenticator.GetCredentialsAsync();
+
+        // Need to explictily add this for using temporary security credentials from AWS STS.
+        // SigV4 signing library does not automatically add this header.
+        if (credentials.UseToken && credentials.Token != null)
+        {
+            request.Headers.Add("x-amz-security-token", credentials.Token);
+        }
+
+        request.Headers.Add("Host", this.endpoint.Host);
+        request.Headers.Add("content-type", ContentType);
+
         this.authenticator.Sign(request, config, credentials);
 
         return request;
@@ -210,7 +218,7 @@ internal class RetryHelper
     // This is to ensure there is no flakiness with the number of times spans are exported in the retry window. Not part of the upstream's implementation
     private const int BufferWindow = 20;
     private static readonly ILoggerFactory Factory = LoggerFactory.Create(builder => builder.AddProvider(new ConsoleLoggerProvider()));
-    private static readonly ILogger Logger = Factory.CreateLogger<RetryHelper>();
+    private static readonly ILogger Logger = Factory.CreateLogger<OtlpAwsSpanExporter>();
 
 #if !NET6_0_OR_GREATER
     private static readonly Random Randomizer = new Random();
@@ -235,7 +243,7 @@ internal class RetryHelper
             {
                 if (HasDeadlinePassed(deadline, 0))
                 {
-                    Logger.LogInformation("Timeout of {Deadline}ms reached, stopping retries", deadline.Millisecond);
+                    Logger.LogDebug("Timeout of {Deadline}ms reached, stopping retries", deadline.Millisecond);
                     return response;
                 }
 
@@ -275,12 +283,12 @@ internal class RetryHelper
                     delayDuration = TimeSpan.FromMilliseconds(GetRandomNumber(0, currentDelay));
                 }
 
-                Logger.LogInformation("Spans were not exported with status code: {StatusCode}. Checking to see if retryable again after: {DelayMilliseconds} ms", response.StatusCode, delayDuration.Milliseconds);
+                Logger.LogDebug("Spans were not exported with status code: {StatusCode}. Checking to see if retryable again after: {DelayMilliseconds} ms", response.StatusCode, delayDuration.Milliseconds);
 
                 // If delay exceeds deadline. We drop the http requesst completely.
                 if (HasDeadlinePassed(deadline, delayDuration.Milliseconds))
                 {
-                    Logger.LogInformation("Timeout will be reached after {Delay}ms delay. Dropping Spans with status code {StatusCode}.", delayDuration.Milliseconds, response.StatusCode);
+                    Logger.LogDebug("Timeout will be reached after {Delay}ms delay. Dropping Spans with status code {StatusCode}.", delayDuration.Milliseconds, response.StatusCode);
                     return response;
                 }
 
@@ -298,14 +306,14 @@ internal class RetryHelper
                     currentDelay = CalculateNextRetryDelay(currentDelay);
                     if (!HasDeadlinePassed(deadline, delayDuration.Milliseconds))
                     {
-                        Logger.LogInformation("{@ExceptionMessage}. Retrying again after {@Delay}ms", exceptionName, delayDuration.Milliseconds);
+                        Logger.LogDebug("{@ExceptionMessage}. Retrying again after {@Delay}ms", exceptionName, delayDuration.Milliseconds);
 
                         await Task.Delay(delayDuration);
                         continue;
                     }
                 }
 
-                Logger.LogInformation("Timeout will be reached after {Delay}ms delay. Dropping spans with exception: {@ExceptionMessage}", delayDuration.Milliseconds, e);
+                Logger.LogDebug("Timeout will be reached after {Delay}ms delay. Dropping spans with exception: {@ExceptionMessage}", delayDuration.Milliseconds, e);
                 throw;
             }
         }
