Is this a docs issue?
Type of issue
Other
Description
The aws go sdk v2 does not refresh credentials, ever (aws/aws-sdk-go-v2#2135). So if a docker process is started using awslogs, but the credentials file only contains temporary credentials, then the logs will only work for a finite period of time before failing to upload, even when the credentials file has been updated with a curent temporary credentials.
This is a common case when using ssm hybrid/onprem to maintain an aws credential on the box
Location
https://docs.docker.com/engine/logging/drivers/awslogs/
Suggestion
Add a note to the first paragraph of the credentials section explaining that (at least the file) is only read once at startup time and docker will not be picking up updated credentials to the file without restarting the container.
Is this a docs issue?
Type of issue
Other
Description
The aws go sdk v2 does not refresh credentials, ever (aws/aws-sdk-go-v2#2135). So if a docker process is started using awslogs, but the credentials file only contains temporary credentials, then the logs will only work for a finite period of time before failing to upload, even when the credentials file has been updated with a curent temporary credentials.
This is a common case when using ssm hybrid/onprem to maintain an aws credential on the box
Location
https://docs.docker.com/engine/logging/drivers/awslogs/
Suggestion
Add a note to the first paragraph of the credentials section explaining that (at least the file) is only read once at startup time and docker will not be picking up updated credentials to the file without restarting the container.