Is it possible when running OSS Loki on an AWS EC2 (or a host running AWS SSM Agent), to use an IAM Role (or instance profile) instead of IAM User for Loki to access S3?
Yes, no reason not to do that if you are running in AWS.
You should not need to set instance profile if it’s attached to the instance. Please see Using instance profiles - AWS Identity and Access Management. Also this is not Loki related, I’d recommend you to ask AWS related questions in their forums.
it is Loki Related, as im asking for step 3 that talks to IAM User (Access Key/SecretKey) in this doc:
https://grafana.com/docs/loki/latest/setup/install/helm/install-monolithic/
Hello,
Looks like I’ve got the same issue.
I installed a docker with Loki, in AWS, EC2 has a role-based access to S3. I’ve checked via AWS CLI - access-policy works fine. Nevertheless, if I try to start Loki-docker, I get an error:
msg="error running loki" err="NoCredentialProviders: no valid providers in chain. Deprecated.
Here I use config of Loki like this:
storage_config:
aws:
s3: s3://<my_region_here_goes>
bucketnames: <my_s3_name_here_goes>
tsdb_shipper:
active_index_directory: /loki/tsdb-index
cache_location: /loki/tsdb-cache
shared_store: s3
if I modify line with s3 like this:
s3: s3://<ACCESS_KEY>/<SECRET_KEY>@<my_region_here_goes>
it works fine. But I’d like not to use credentials, but via aws role like here is
and no matter how I apply a bucketname - as a separated parameter, or in one line with aws_region, it doesn’t work.
Will appreciate any help
Best regards