ruby-on-railsamazon-web-serviceselasticsearchsearchkickaws-sdk-ruby

Searchkick AWS Credentials Expire


I've set up by elasticsearch.rb initializer with the following aws_credentials.

  Searchkick.aws_credentials = {
    credentials: Aws::InstanceProfileCredentials.new.credentials,
    region: 'us-west-2',
  }

This works fine when I first redeploy but after 12 hours, my credentials expire and I end up with a bunch of these errors:

Elasticsearch::Transport::Transport::Errors::Forbidden ([403] {"message":"The security token included in the request is expired"})

This makes sense given the expiration on a set of my credentials appears to be 12 hours. Aws::InstanceProfileCredentials.new.expiration = 2020-02-13 21:36:30 UTC

Given that I want to continue to rotate credentials, how do I get Searchkick to pull the latest credentials for each request?


Solution

  • Passing in the entire Aws::InstanceProfileCredentials fixed this

      Searchkick.aws_credentials = {
        credentials: Aws::InstanceProfileCredentials.new,
        region: 'us-west-2',
      }