diff --git a/.chloggen/awskinesis_cached-credentials.yaml b/.chloggen/awskinesis_cached-credentials.yaml new file mode 100644 index 000000000000..6434488c522c --- /dev/null +++ b/.chloggen/awskinesis_cached-credentials.yaml @@ -0,0 +1,6 @@ +change_type: bug_fix +component: awskinesisexporter +note: Wraps the `AssumeRoleProvider` in a `CachedCredentials` provider, in the case the AWS role is specified. This prevents a role assumption from happening every API call. +issues: [32415] +subtext: +change_logs: [user] diff --git a/exporter/awskinesisexporter/exporter.go b/exporter/awskinesisexporter/exporter.go index fb4ab23df61a..12169d813f94 100644 --- a/exporter/awskinesisexporter/exporter.go +++ b/exporter/awskinesisexporter/exporter.go @@ -65,10 +65,11 @@ func createExporter(ctx context.Context, c component.Config, log *zap.Logger, op var kinesisOpts []func(*kinesis.Options) if conf.AWS.Role != "" { kinesisOpts = append(kinesisOpts, func(o *kinesis.Options) { - o.Credentials = stscreds.NewAssumeRoleProvider( + roleProvider := stscreds.NewAssumeRoleProvider( sts.NewFromConfig(awsconf), conf.AWS.Role, ) + o.Credentials = aws.NewCredentialsCache(roleProvider) }) } diff --git a/exporter/awskinesisexporter/exporter_test.go b/exporter/awskinesisexporter/exporter_test.go index dc383a55f363..59d2f5fe4084 100644 --- a/exporter/awskinesisexporter/exporter_test.go +++ b/exporter/awskinesisexporter/exporter_test.go @@ -46,6 +46,7 @@ func TestCreatingExporter(t *testing.T) { conf: applyConfigChanges(func(conf *Config) { conf.AWS.StreamName = "example-test" conf.AWS.Region = "us-east-1" + conf.AWS.Role = "example-role" }), validateNew: func(tb testing.TB) func(conf aws.Config, opts ...func(*kinesis.Options)) *kinesis.Client { return func(conf aws.Config, opts ...func(*kinesis.Options)) *kinesis.Client {