Hi! I’m running on EKS. Isn’t aws-api supposed to just pick up my instance role? Or must I do something special? Amazonica seems to work fine
# Using:
# com.cognitect.aws/api {:mvn/version "0.8.686"}
# com.cognitect.aws/endpoints {:mvn/version "1.1.12.504"}
{
"cognitect.anomalies/category": "cognitect.anomalies/fault",
"cognitect.anomalies/message": "Unable to fetch credentials. See log for more details."
}
(I verified that my instance role is reasonable, by having my Clojure program call IMDSv2)
BTW it printed nothing to the k8s pod’s logs…This sounds like the same issue as https://github.com/cognitect-labs/aws-api/issues/243. tl;dr - aws-api does not (yet) support IMDSv2. If so, then yeah we're aware of it but don't have a timetable on a fix yet. Sorry, I wish I had a better answer for you.
Ahhh thanks! I suppose pull requests aren’t desired?
Yeah - not that they're not desired, but we just don't have a policy and process in place currently to accept them. (Personally I hope we change that soon.)
Could I simply create a cognitect.aws.credentials/CredentialsProvider that handles IMDSv2?
(That’s my understanding of the https://github.com/cognitect-labs/aws-api/blob/main/examples/assume_role_example.clj mentioned in the readme)
I coded it up & will test tomorrow on amazon linux 2023
> Could I simply create a cognitect.aws.credentials/CredentialsProvider that handles IMDSv2?
I believe that's what is required, yes.
Hokie dokie, for anyone hit by the aws-api problem under Amazon Linux 2023, here’s a wee workaround: https://github.com/cognitect-labs/aws-api/issues/243#issuecomment-1793615398