I've set up by elasticsearch.rb initializer with the following aws_credentials.
Searchkick.aws_credentials = {
credentials: Aws::InstanceProfileCredentials.new.credentials,
region: 'us-west-2',
}
This works fine when I first redeploy but after 12 hours, my credentials expire and I end up with a bunch of these errors:
Elasticsearch::Transport::Transport::Errors::Forbidden ([403] {"message":"The security token included in the request is expired"})
This makes sense given the expiration on a set of my credentials appears to be 12 hours. Aws::InstanceProfileCredentials.new.expiration = 2020-02-13 21:36:30 UTC
Given that I want to continue to rotate credentials, how do I get Searchkick to pull the latest credentials for each request?
Passing in the entire Aws::InstanceProfileCredentials fixed this
Searchkick.aws_credentials = {
credentials: Aws::InstanceProfileCredentials.new,
region: 'us-west-2',
}