diff --git a/src/aws/auth.rs b/src/aws/auth.rs index 7185dde86c634..ec73bc97984bf 100644 --- a/src/aws/auth.rs +++ b/src/aws/auth.rs @@ -146,6 +146,15 @@ pub enum AwsAuthentication { /// Configuration for authenticating with AWS through IMDS. #[serde(default)] imds: ImdsAuthentication, + + /// The [AWS region][aws_region] to send STS requests to. + /// + /// If not set, this defaults to the configured region + /// for the service itself. + /// + /// [aws_region]: https://docs.aws.amazon.com/general/latest/gr/rande.html#regional-endpoints + #[configurable(metadata(docs::examples = "us-west-2"))] + region: Option, }, } @@ -213,8 +222,14 @@ impl AwsAuthentication { AwsAuthentication::Default { load_timeout_secs, imds, + region, } => Ok(SharedCredentialsProvider::new( - default_credentials_provider(service_region, *load_timeout_secs, *imds).await?, + default_credentials_provider( + region.clone().map(Region::new).unwrap_or(service_region), + *load_timeout_secs, + *imds, + ) + .await?, )), } } @@ -294,10 +309,28 @@ mod tests { AwsAuthentication::Default { load_timeout_secs: Some(10), imds: ImdsAuthentication { .. }, + region: None, } )); } + #[test] + fn parsing_default_with_region() { + let config = toml::from_str::( + r#" + auth.region = "us-east-2" + "#, + ) + .unwrap(); + + match config.auth { + AwsAuthentication::Default { region, .. } => { + assert_eq!(region.unwrap(), "us-east-2"); + } + _ => panic!(), + } + } + #[test] fn parsing_default_with_imds_client() { let config = toml::from_str::( @@ -313,6 +346,7 @@ mod tests { config.auth, AwsAuthentication::Default { load_timeout_secs: None, + region: None, imds: ImdsAuthentication { max_attempts: 5, connect_timeout: CONNECT_TIMEOUT, diff --git a/src/sinks/aws_kinesis/firehose/integration_tests.rs b/src/sinks/aws_kinesis/firehose/integration_tests.rs index 0cfc348155ee4..8a46c57f83e14 100644 --- a/src/sinks/aws_kinesis/firehose/integration_tests.rs +++ b/src/sinks/aws_kinesis/firehose/integration_tests.rs @@ -75,6 +75,7 @@ async fn firehose_put_records() { auth: Some(ElasticsearchAuth::Aws(AwsAuthentication::Default { load_timeout_secs: Some(5), imds: ImdsAuthentication::default(), + region: None, })), endpoints: vec![elasticsearch_address()], bulk: BulkConfig { diff --git a/src/sinks/elasticsearch/integration_tests.rs b/src/sinks/elasticsearch/integration_tests.rs index 2adc6eec701a4..733cc1acaca22 100644 --- a/src/sinks/elasticsearch/integration_tests.rs +++ b/src/sinks/elasticsearch/integration_tests.rs @@ -262,6 +262,7 @@ async fn auto_version_aws() { auth: Some(ElasticsearchAuth::Aws(AwsAuthentication::Default { load_timeout_secs: Some(5), imds: ImdsAuthentication::default(), + region: None, })), endpoints: vec![aws_server()], aws: Some(RegionOrEndpoint::with_region(String::from("localstack"))), @@ -346,6 +347,7 @@ async fn insert_events_on_aws() { auth: Some(ElasticsearchAuth::Aws(AwsAuthentication::Default { load_timeout_secs: Some(5), imds: ImdsAuthentication::default(), + region: None, })), endpoints: vec![aws_server()], aws: Some(RegionOrEndpoint::with_region(String::from("localstack"))), @@ -368,6 +370,7 @@ async fn insert_events_on_aws_with_compression() { auth: Some(ElasticsearchAuth::Aws(AwsAuthentication::Default { load_timeout_secs: Some(5), imds: ImdsAuthentication::default(), + region: None, })), endpoints: vec![aws_server()], aws: Some(RegionOrEndpoint::with_region(String::from("localstack"))),