From c9396e49b585358acc3b12f6bbf49b42c8a3e1f1 Mon Sep 17 00:00:00 2001 From: Shelby Hagman Date: Wed, 14 Jan 2026 20:57:13 +0000 Subject: [PATCH] aws-credentials: add AWS Greengrass endpoint details Signed-off-by: Shelby Hagman --- administration/aws-credentials.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/administration/aws-credentials.md b/administration/aws-credentials.md index ea93f65e2..1e9c526fd 100644 --- a/administration/aws-credentials.md +++ b/administration/aws-credentials.md @@ -7,6 +7,7 @@ Plugins that interact with AWS services fetch credentials from the following pro - [EKS Web Identity Token (OIDC)](#eks-web-identity-token-oidc) - [ECS HTTP credentials endpoint](#ecs-http-credentials-endpoint) - [EC2 Instance Profile Credentials (IMDS)](#ec2-instance-profile-credentials-imds) +- [AWS Greengrass credentials](#aws-greengrass-credentials) All AWS plugins additionally support a `role_arn` (or `AWS_ROLE_ARN`, for [Elasticsearch](../pipeline/outputs/elasticsearch.md)) configuration parameter. If specified, the fetched credentials are used to assume the given role. @@ -42,3 +43,7 @@ Credentials are fetched using a pod identity endpoint. See [Learn how EKS Pod I ## EC2 instance profile credentials (IMDS) Fetches credentials for the EC2 instance profile's role. See [IAM roles for Amazon EC2](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html). As of Fluent Bit version 1.8.8, IMDSv2 is used by default and IMDSv1 might be disabled. Prior versions of Fluent Bit require enabling IMDSv1 on EC2. + +## AWS Greengrass credentials + +Fluent Bit fetches credentials from a localhost endpoint provided by the AWS IoT Greengrass token exchange service. The token exchange service runs as a local server on Greengrass core devices and provides AWS credentials through the `AWS_CONTAINER_CREDENTIALS_FULL_URI` and `AWS_CONTAINER_AUTHORIZATION_TOKEN` environment variables. For more information, see the AWS documentation about [Token exchange service](https://docs.aws.amazon.com/greengrass/v2/developerguide/token-exchange-service-component.html).