How to use AWS_CONTAINER_CREDENTIALS_FULL_URI env variable on aws-otel-collector

Hi there, I'm trying to provide AWS credentials to aws-otel-collector using the AWS_CONTAINER_CREDENTIALS_FULL_URI env variable. However, it doesn't work and doesn't give an explicit error message to troubleshoot. Before running aws-otel-collector, I append AWS_CONTAINER_CREDENTIALS_FULL_URI="http://localhost:42545/2016-11-01/credentialprovider/" to /opt/aws/aws-otel-collector/etc/.env. Then, I run sudo systemctl start aws-otel-collector.

In my main.py file, I have the following initiator:

otlp_exporter = OTLPSpanExporter(endpoint="http://localhost:4317")
trace.set_tracer_provider(TracerProvider(active_span_processor=BatchSpanProcessor(otlp_exporter), id_generator=AwsXRayIdGenerator()))
tracer = trace.get_tracer(__name__)

After starting main.py to produce some traces, I got the following error message from aws-otel-collector:

aws-otel-collector[27747]: 2023-07-26T16:53:29.753Z        warn        batchprocessor@v0.80.0/batch_processor.go:258        Sender failed        {"kind": "processor", "name": "batch/traces", "pipeline": "traces", "error": "NoCredentialProviders: no valid providers in chain. Deprecated.\n\tFor verbose messaging see aws.Config.CredentialsChainVerboseErrors"}

Questions:

  1. Am I missing any configuration steps to make aws-otel-collector work with AWS_CONTAINER_CREDENTIALS_FULL_URI env variable?
  2. How can I make sure that the SDK in the aws-otel-collector uses the AWS_CONTAINER_CREDENTIALS_FULL_URI env variable as expected?
  3. How can I turn on aws.Config.CredentialsChainVerboseErrors in aws-otel-collector (as recommended)? Do I need to compile my own aws-otel-collector?

**What I'm trying to do?** I'm trying to use aws-otel-collector on an AWS IoT Greengrass device. When you need to allow your Greengrass components to interact with AWS services, you make them depend on the AWS-provided aws.greengrass.TokenExchangeService component. The component provides an environment variable, AWS_CONTAINER_CREDENTIALS_FULL_URI, that should be used by the AWS SDK to get temporary credentials. This works out of the box with all SDKs after 2016.

Environment:

  • AWS IoT Greengrass v2 running on Amazon Linux 2
  • aws-otel-collector is installed from https://aws-otel-collector.s3.amazonaws.com/amazon_linux/amd64/latest/aws-otel-collector.rpm, installed via sudo rpm -Uvh --force aws-otel-collector.rpm

1 Answer

Accepted Answer

In order to use the credential endpoint you also need the AWS_CONTAINER_AUTHORIZATION_TOKEN environment variable.

I would recommend that you do not run the otel collector via systemd, but instead run the executable via a Greengrass component. In this way the otel process will have the up-to-date AWS_CONTAINER_CREDENTIALS_FULL_URI env variable when run.

The package manager installs the executable in /opt/aws/aws-otel-collector/bin/aws-otel-collector. You can run it with /opt/aws/aws-otel-collector/bin/aws-otel-collector --config /opt/aws/aws-otel-collector/etc/config.yaml

AWS
EXPERT
answered 10 months ago
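
Added example (not part of the original question or answer, and not aws-otel-collector code): a Python check to run in the same environment as the collector, covering the asker's second question. It sends AWS_CONTAINER_AUTHORIZATION_TOKEN as the Authorization header, the way the SDKs' container credential provider uses it; the function names, the loopback-only rule for plain http and the field check on the response are assumptions of this example.

```python
import ipaddress
import json
import os
import socket
import urllib.error
import urllib.request
from urllib.parse import urlparse

URI_VAR = "AWS_CONTAINER_CREDENTIALS_FULL_URI"
TOKEN_VAR = "AWS_CONTAINER_AUTHORIZATION_TOKEN"
REQUIRED = ("AccessKeyId", "SecretAccessKey", "Token", "Expiration")


def is_loopback(host):
    """True only if every address the host resolves to is loopback."""
    try:
        infos = socket.getaddrinfo(host, None) if host else []
    except (socket.gaierror, UnicodeError):
        return False
    return bool(infos) and all(
        ipaddress.ip_address(i[4][0]).is_loopback for i in infos)


def check_container_credentials(env=os.environ, timeout=3):
    """Return (ok, message). The message never contains secret values."""
    uri, token = env.get(URI_VAR), env.get(TOKEN_VAR)
    if not uri:
        return False, f"{URI_VAR} is not set"
    if not token:
        return False, f"{TOKEN_VAR} is not set"
    parsed = urlparse(uri)
    # Assumption of this example: plain http is only acceptable on loopback,
    # so the bearer token is never sent across the network in clear text.
    if parsed.scheme != "https" and not (
            parsed.scheme == "http" and is_loopback(parsed.hostname)):
        return False, "credential URI must be https or http on loopback"
    # Empty ProxyHandler: never route the token through an http_proxy.
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    req = urllib.request.Request(uri, headers={"Authorization": token})
    try:
        with opener.open(req, timeout=timeout) as resp:
            body = json.load(resp)
    except urllib.error.HTTPError as exc:
        return False, f"endpoint rejected the request: HTTP {exc.code}"
    except (OSError, ValueError) as exc:
        return False, f"endpoint unreachable or not JSON: {type(exc).__name__}"
    if not isinstance(body, dict) or any(k not in body for k in REQUIRED):
        return False, "response is not a credentials document"
    tail = str(body["AccessKeyId"])[-4:]
    return True, f"credentials returned, key id ...{tail}, expires {body['Expiration']}"
```

Calling `check_container_credentials()` with no arguments reads the process environment, so running it as the same user and from the same launcher as the collector shows whether both variables actually reach that process.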
