Cannot get IAM role when running on AWS ECS FARGATE

  • What Grafana version and what operating system are you using?

v8.5.3 on ECS FARGATE

  • What are you trying to achieve?

Setup a Cloudwatch datasource base on IAM instance role

  • What happened?

Grafana only looks for IAM credentials in EC2 metadata endpoint (http://169.254.169.254/latest/meta-data/iam/security-credentials/) and does not try on ECS FARGATE metadata endpoint ( $ECS_CONTAINER_METADATA_URI or $ECS_CONTAINER_METADATA_URI_V4 from env vars).

  • What did you expect to happen?

Grafana to try both EC2 instance metadata AND ECS FARGATE metadata.

  • Did you receive any errors in the Grafana UI or in related logs? If so, please tell us exactly what they were.

CloudWatch metrics query failed: EC2RoleRequestError: no EC2 instance role found caused by: RequestError: send request failed caused by: Get “http://169.254.169.254/latest/meta-data/iam/security-credentials/”: dial tcp 169.254.169.254:80: connect: invalid argument 2. CloudWatch logs query failed: EC2RoleRequestError: no EC2 instance role found caused by: RequestError: send request failed caused by: Get “http : // 169.254.169.254/latest/meta-data/iam/security-credentials/”: dial tcp 169.254.169.254:80: connect: invalid argument

Is there a way to specify the Instance metadata url ?

It doesn’t help you, because Fargate doesn’t run on your managed EC2 instance. Config ECS task IAM role correctly.