-
Notifications
You must be signed in to change notification settings - Fork 15
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update Java SDK and add aws-java-sdk-sts library inside jar #80
Comments
I will update the AWS SDK to latest ASAP!
Sorry, I'm a tad confused by this. Why does the agent need STS in its classpath to perform instrumentation? If your application uses that library to make requests they should still be captured by the agent (once the version is udpated at least). |
Hi @willarmiros, yeah I supposed that too, but if I run the pod without the xray agent it works perfectly for example calling dynamodDB tables using the serviceaccount role, but when I implemented the xray agent the pod takes the role of the EC2 instance instead of serviceaccount, so I decided to modify the xray java agent build.gradle files adding the aws-java-sdk-sts and it worked!. Thanks! |
Are you calling an API to assume this role or does the AWS SDK somehow auto-assume a role based on the environment? Any documentation that describes your use case would be great. Apologies I'm pretty unfamiliar with how STS roles work in an EKS environment, and this is obviously something that couldn't be easily reproduced locally. |
Hi @willarmiros, We are using in our spring boot app to connect for example to DynamoDB with the DefaultAWSCredentialsProvider. Doc that says the next: AWS credentials provider chain that looks for credentials in this order:
If we don't use the xray java agent it works because it takes the ServiceAccount role with the Web Identity Token credentials (3), for that we had to include in our pom.xml the aws-java-sdk-sts dependency. doc If we don't use that library it goes fall down until get the instance profile credentials (5). If we use the xray java agent it goes fall down until get the instance profile credentials(5), so to fix that I modified the xray java agent build.gradle files and included the aws-java-sdk-sts dependency and it worked. Thx. |
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs in next 7 days. Thank you for your contributions. |
@willarmiros, @camiloandresforero Our team is coming across similar issue, in that we are utilizing service account to assume the role of using AWS resources per app. When we solely use this for KMS (w/ aws-java-sdk-sts), app seem to work fine. However when we use xray auto agent and KMS at the same time, KMS is unable to authenticate and have following error.
This only happens when xray auto agent + KMS are implemented at the same time, where when the request is made, exception is thrown. We've tried to add |
Hi @jinwoov We had to modify the next files:
Just add the next dependency in those files
and recompile the java agent with the guide https://github.com/aws/aws-xray-java-agent#building-from-source. |
@camiloandresforero Thank you so much for sharing that. It seems to work for us as well. |
I just hit exactly the same issue. I spent like a couple hours - trying to figure out culprit. I'm not entirely sure - why it is affecting. Probably version mismatch. And it can't load bundled sts ... or something along those lines. It is very unfortunate. Probably good idea would be shading everything what is packed in agent. update: Actually I give up. SLF4J stopped working, I added logback into deps, logging started working, but then it was somehow missing default configuration. Then I had those errors with segments etc. Overall experience compared to other APM's I use, is day and night. It is not a first time I integrate APM. Most of Java APM's works just by adding -javaagent and no conflicts no impacted functionality of main app. Just works. This one - somehow messes things up completely. |
Hi all, Thank you for raising these concerns. Unfortunately we will not be able to bundle the AWS SDK STS client module with the java agent out-of-the-box, since it raises too many concerns with dependency conflicts and version incompatibility as newer versions are released. This dependency would also be deadweight for AWS SDK v2 users. I would strongly recommend checking out the AWS Distro for OpenTelemetry Java auto-instrumentation agent. It has first-class support for X-Ray and is built with a larger and more robust community to ensure such problems don't arise. You can find documentation to get started here. |
Hi,
Currently we are implementing the AWS X-Ray auto-instrumentation agent for Java for a Spring project inside EKS, but we had problems executing the spring microservices for two reasons:
We hope you can update the aws-xray-java-agent with those changes :)
Thanks!
The text was updated successfully, but these errors were encountered: