Resolution: Done
Story
As an administrator of cluster log forwarding for multi-admin clusters,
I need to use a separate STS Role and Token for authenticating each of the cluster-wide logging configs, so that each instance can authenticate independently.
Acceptance Criteria
- Multiple, isolated ClusterLogForwarder instances can authenticate with CloudWatch using STS roles
- Logs are written to CW based on the specific role_arn
Notes
- Will require each logging instance to have access to a unique webIdentityToken, specified for each AWS profile or logging configuration
- for the splunk-audit-exporter
  - we implemented a session timer to handle the specifics of expired token rotation
  - read/write mutex to allow multiple goroutines to read logs while ensuring only one at a time can write to CW
- Based off epic for multiple-forwarders - ref: https://issues.redhat.com/browse/LOG-1343
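The sketch below is an added example, not code from the splunk-audit-exporter or the logging operator. It applies the session timer and read/write mutex from the notes to per-instance credentials: each forwarder exchanges only its own token for its own role, many goroutines read the cached session, and one renews it shortly before expiry. The `Forwarder` and `Session` types, the injected `assume` function (a stand-in for the STS AssumeRoleWithWebIdentity exchange) and the ARN and path values are assumptions constructed for illustration.

```go
package main

import (
	"fmt"
	"sync"
	"time"
)
// Session is a constructed stand-in for temporary STS credentials.
type Session struct{ RoleARN string; Expires time.Time }

// Forwarder (hypothetical type) is one isolated logging instance with its own role and token file.
type Forwarder struct {
	RoleARN, TokenPath string
	assume             func(roleARN, tokenPath string) (Session, error) // injected so the example runs offline
	now                func() time.Time
	mu                 sync.RWMutex
	sess               Session
	Exchanges          int // token exchanges performed by this instance
}

const refreshSkew = time.Minute // renew this long before the session expires
func (f *Forwarder) fresh() bool { return f.now().Before(f.sess.Expires.Add(-refreshSkew)) }

// Session returns this instance's cached session, renewing it once the timer says it is due.
func (f *Forwarder) Session() (Session, error) {
	f.mu.RLock() // many readers may hold this at once
	s, ok := f.sess, f.fresh()
	f.mu.RUnlock()
	if ok {
		return s, nil
	}
	f.mu.Lock() // only one goroutine renews
	defer f.mu.Unlock()
	if f.fresh() { // another goroutine renewed while we waited for the write lock
		return f.sess, nil
	}
	s, err := f.assume(f.RoleARN, f.TokenPath)
	if err != nil {
		return Session{}, fmt.Errorf("assume %s: %w", f.RoleARN, err)
	}
	f.sess, f.Exchanges = s, f.Exchanges+1
	return s, nil
}

func main() { // constructed role ARN and token path
	sts := func(r, t string) (Session, error) { return Session{r, time.Now().Add(15 * time.Minute)}, nil }
	f := &Forwarder{RoleARN: "arn:aws:iam::111111111111:role/example-a", TokenPath: "/var/run/example-a/token", assume: sts, now: time.Now}
	s, err := f.Session()
	fmt.Println(s.RoleARN, f.Exchanges, err)
}
```

Because the session cache lives on the `Forwarder` value, a renewal or failure in one instance never touches another instance's role or token.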