👋 @sam I have a ktor service that runs (for now) in ElasticBeanstalk. It's been on hoplite 2.7.5 and I updated to 2.9.0 today. all fine. Then I tried to move from

hoplite-aws

to

hoplite-aws-kotlin

and ran into issues with the credential provider..only in EB.

aws.smithy.kotlin.runtime.identity.IdentityProviderException: No identity could be resolved from the chain: CredentialsProviderChain -> SystemPropertyCredentialsProvider -> EnvironmentCredentialsProvider -> ProfileCredentialsProvider -> StsWebIdentityProvider -> EcsCredentialsProvider -> ImdsCredentialsProvider

I switched over to

hoplite-aws2

and all is fine. But I can't figure out what's going on with the kotlin version. Nothing else changed..not my config code or anything about the EB environment. Have you run into this before? We're not planning to stay on EB and I suspect that there's something about accessing roles there that either the hoplite library, or the underlying aws library doesn't like.

Of those credentials providers which one should resolve (i.e. where are the credentials), or is it one that isn’t listed? AWS has been working on standardizing (across their various SDKs) how the credential providers work - likely its that difference between the newer Kotlin AWS SDK and older Java SDKs.

We're using the IAM role that is attached to both the EB env and also the EC2 instances. It has all of the permissions necessary..it does work with the other libraries. So according to the AWS sdk docs, I totally expect it to work. And it does with the aws2 library

Not that familiar with EB - would you know how it exposes the credentials?

I'll check this out on Monday and see if it connects any dots. I don't suggest becoming familiar with EB if you can help it 😂 thanks @Chris Lee

Good luck! Here is the AWS Kotlin SDK cred provider docs: https://docs.aws.amazon.com/sdk-for-kotlin/latest/developer-guide/credential-providers.html It specifies that only imdsV2 is supported.

ok..i'm finally looking into this and our EB environment is set to use IMDSv1, so perhaps that's what's going on. These environments have proven to be a bit fragile, which is why we're moving over to ECS soon. I'm not going to try to move to v2 right now bc of the fragility. But I'll assume this is what's going on. We'll try to switch over the kotlin sdk once we're on ecs. Thanks for your help!

@Amy Lashley that’s likely the case as newer AWS SDKs (e.g. Kotlin) have never supported IMDSv1. You’ll be good on ECS - using the AWS Kotlin SDK there in various configurations w/o issue (and previously the Java SDK v2). Good luck on ECS cutover!

Glad you figured it out. I tend to avoid the kotlin SDKs as they just seem less mature? Maybe that's just me being paranoid, but there's not enough of a gain in using a kotlin specific library in this case for me to want to use it.