AWS_CONTAINER_CREDENTIALS_FULL_URI environment variable is not respected when set #811

@thisfred

Description

We are trying to use FluentBit in an AWS IoT Greengrass Component to log to CloudWatch. The way Greengrass Components authenticate to AWS services is through a Token Exchange Service (which is another Greengrass component) running on the same device. In order to have code using the AWS SDKs be able to ask this service for credentials, an environment variable named AWS_CONTAINER_CREDENTIALS_FULL_URI can be set. Unfortunately, aws-for-fluent-bit (or at least the cloudwatch_logs plugin part of it) does not seem to detect the presence of this variable, and instead only looks for AWS_CONTAINER_CREDENTIALS_RELATIVE_URI, which doesn't work for the purposes of using anything running on the local device instead of in AWS.

Example invocation with environment variables passed:

env | grep -i aws
AWS_GG_NUCLEUS_DOMAIN_SOCKET_FILEPATH=/path/to/ipc.socket
AWS_CONTAINER_CREDENTIALS_FULL_URI=http://localhost:33925/2016-11-01/credentialprovider/
AWS_DEFAULT_REGION=us-east-1
AWS_REGION=us-east-1
AWS_GG_NUCLEUS_DOMAIN_SOCKET_FILEPATH_FOR_COMPONENT=/path/to/ipc.socket
AWS_CONTAINER_AUTHORIZATION_TOKEN=REDACTED
...

fluent-bit/bin/fluent-bit -i cpu -o cloudwatch_logs -p region=us-east-1 -p log_group_name=group_name -p log_stream_prefix=stream_prefix -p role_arn=[REDACTED] -vvv

Relevant log output:

[2024/04/24 22:13:28] [debug] [aws_credentials] Not initializing ECS Provider because AWS_CONTAINER_CREDENTIALS_RELATIVE_URI is not set

Running commands in the same container that use the AWS SDK (like a boto request to S3) do successfully detect and use the AWS_CONTAINER_CREDENTIALS_FULL_URI environment variable, and are able to acquire the necessary credentials to talk to AWS services.
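
Added example (not part of the original issue, and not code from Fluent Bit or any AWS SDK): a sketch of the endpoint selection the AWS SDKs' container credential provider performs, useful for checking what a given environment should resolve to. The function names are hypothetical; the `169.254.170.2` host, the precedence of the relative variable, and the loopback-only rule for plain `http` reflect general SDK behaviour and are assumptions here, since exact host allow-lists differ between SDK versions.

```python
import ipaddress
from urllib.parse import urlparse

ECS_AGENT_HOST = "http://169.254.170.2"  # assumed fixed host for the RELATIVE_URI form

# Constructed sample, modelled on the environment shown in the issue.
SAMPLE_ENV = {
    "AWS_CONTAINER_CREDENTIALS_FULL_URI": "http://localhost:33925/2016-11-01/credentialprovider/",
    "AWS_CONTAINER_AUTHORIZATION_TOKEN": "REDACTED",
}


def _is_loopback(host):
    """True for 'localhost' or a literal loopback IP (127.0.0.0/8, ::1)."""
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # other hostnames are not resolved here; treated as non-loopback


def resolve_container_endpoint(env):
    """Return (url, headers) for the credential endpoint, or None if neither variable is set."""
    relative = env.get("AWS_CONTAINER_CREDENTIALS_RELATIVE_URI")
    full = env.get("AWS_CONTAINER_CREDENTIALS_FULL_URI")
    if relative:
        url = ECS_AGENT_HOST + relative
    elif full:
        parsed = urlparse(full)
        # Plain http is accepted only toward the local host, so the
        # authorization token is never sent off the device in cleartext.
        ok = parsed.scheme == "https" or (parsed.scheme == "http" and _is_loopback(parsed.hostname or ""))
        if not ok:
            raise ValueError(f"refusing credential endpoint: {full}")
        url = full
    else:
        return None  # the situation the debug log line above reports
    headers = {}
    token = env.get("AWS_CONTAINER_AUTHORIZATION_TOKEN")
    if token:
        headers["Authorization"] = token  # sent as-is in the Authorization header
    return url, headers


if __name__ == "__main__":
    print(resolve_container_endpoint(SAMPLE_ENV))
```

With the environment from the issue, the resolver selects the local Token Exchange Service URL and attaches the token. A provider that checks only the relative variable falls through to the `None` branch instead.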
