#aws
2023-11-02
tjg 23:11:03

Hi! I’m running on EKS. Isn’t aws-api supposed to just pick up my instance role? Or must I do something special? Amazonica seems to work fine

# Using:
# com.cognitect.aws/api       {:mvn/version "0.8.686"}
# com.cognitect.aws/endpoints {:mvn/version "1.1.12.504"}

{
  "cognitect.anomalies/category": "cognitect.anomalies/fault",
  "cognitect.anomalies/message": "Unable to fetch credentials. See log for more details."
}
(I verified that my instance role is reasonable, by having my Clojure program call IMDSv2) BTW it printed nothing to the k8s pod’s logs…

scottbale 20:11:44

This sounds like the same issue as https://github.com/cognitect-labs/aws-api/issues/243. tl;dr - aws-api does not (yet) support IMDSv2. If so, then yeah we're aware of it but don't have a timetable on a fix yet. Sorry, I wish I had a better answer for you.

tjg 20:11:22

Ahhh thanks! I suppose pull requests aren’t desired?

scottbale 20:11:45

Yeah - not that they're not desired, but we just don't have a policy and process in place currently to accept them. (Personally I hope we change that soon.)

tjg 01:11:15

Could I simply create a cognitect.aws.credentials/CredentialsProvider that handles IMDSv2? (That’s my understanding of the https://github.com/cognitect-labs/aws-api/blob/main/examples/assume_role_example.clj mentioned in the readme)

tjg 03:11:34

I coded it up & will test tomorrow on amazon linux 2023

scottbale 22:11:56

> Could I simply create a cognitect.aws.credentials/CredentialsProvider that handles IMDSv2?

I believe that's what is required, yes.

tjg 02:11:31

Hokie dokie, for anyone hit by the aws-api problem under Amazon Linux 2023, here’s a wee workaround: https://github.com/cognitect-labs/aws-api/issues/243#issuecomment-1793615398
