Support IAM roles for service accounts in AWS EKS #1241
Description
Issue #1019 and #1182 did not include all of the requirements to support IAM roles for service accounts in AWS EKS. This is due to coretex using session.New instead of session.NewSession. I have opened an issue in the coretex project. A workaround is to add the following env var to the Loki pod
AWS_SDK_LOAD_CONFIG=1
To Reproduce
- Deploy Loki in EKS using IAM roles for service accounts using DynamoDB and S3 storage
Expected behavior
Loki can connect to S3 and DynamoDB.
Environment:
- Infrastructure: EKS
- Deployment tool: helm/argo-cd
The following errors show up in the logs.
level=info ts=2019-11-08T10:23:10.089802001Z caller=table_manager.go:220 msg="synching tables" expected_tables=1
level=error ts=2019-11-08T10:23:10.09039794Z caller=table_manager.go:179 msg="error syncing tables" err="NoCredentialProviders: no valid providers
in chain. Deprecated.\n\tFor verbose messaging see aws.Config.CredentialsChainVerboseErrors"