diff --git a/operator/internal/manifests/storage/configure.go b/operator/internal/manifests/storage/configure.go index 5748b6bc40..a33944dbcc 100644 --- a/operator/internal/manifests/storage/configure.go +++ b/operator/internal/manifests/storage/configure.go @@ -222,11 +222,13 @@ func tokenAuthCredentials(opts Options) []corev1.EnvVar { return []corev1.EnvVar{ envVarFromValue(EnvAWSCredentialsFile, path.Join(tokenAuthConfigDirectory, KeyAWSCredentialsFilename)), envVarFromValue(EnvAWSSdkLoadConfig, "true"), + envVarFromValue(EnvAWSRegion, opts.S3.Region), } } else { return []corev1.EnvVar{ envVarFromSecret(EnvAWSRoleArn, opts.SecretName, KeyAWSRoleArn), envVarFromValue(EnvAWSWebIdentityTokenFile, ServiceAccountTokenFilePath), + envVarFromValue(EnvAWSRegion, opts.S3.Region), } } case lokiv1.ObjectStorageSecretAzure: diff --git a/operator/internal/manifests/storage/configure_test.go b/operator/internal/manifests/storage/configure_test.go index 365844330b..7b52593ffe 100644 --- a/operator/internal/manifests/storage/configure_test.go +++ b/operator/internal/manifests/storage/configure_test.go @@ -867,8 +867,9 @@ func TestConfigureDeploymentForStorageType(t *testing.T) { SharedStore: lokiv1.ObjectStorageSecretS3, CredentialMode: lokiv1.CredentialModeToken, S3: &S3StorageConfig{ - STS: true, Audience: "test", + Region: "test-region", + STS: true, }, }, dpl: &appsv1.Deployment{ @@ -919,6 +920,10 @@ func TestConfigureDeploymentForStorageType(t *testing.T) { Name: "AWS_WEB_IDENTITY_TOKEN_FILE", Value: "/var/run/secrets/storage/serviceaccount/token", }, + { + Name: "AWS_REGION", + Value: "test-region", + }, }, }, }, @@ -960,7 +965,8 @@ func TestConfigureDeploymentForStorageType(t *testing.T) { SharedStore: lokiv1.ObjectStorageSecretS3, CredentialMode: lokiv1.CredentialModeTokenCCO, S3: &S3StorageConfig{ - STS: true, + Region: "test-region", + STS: true, }, OpenShift: OpenShiftOptions{ Enabled: true, @@ -1012,6 +1018,10 @@ func TestConfigureDeploymentForStorageType(t *testing.T) { Name: "AWS_SDK_LOAD_CONFIG", Value: "true", }, + { + Name: "AWS_REGION", + Value: "test-region", + }, }, }, }, @@ -2065,7 +2075,8 @@ func TestConfigureStatefulSetForStorageType(t *testing.T) { SharedStore: lokiv1.ObjectStorageSecretS3, CredentialMode: lokiv1.CredentialModeTokenCCO, S3: &S3StorageConfig{ - STS: true, + Region: "test-region", + STS: true, }, OpenShift: OpenShiftOptions{ Enabled: true, @@ -2117,6 +2128,10 @@ func TestConfigureStatefulSetForStorageType(t *testing.T) { Name: "AWS_SDK_LOAD_CONFIG", Value: "true", }, + { + Name: "AWS_REGION", + Value: "test-region", + }, }, }, }, diff --git a/operator/internal/manifests/storage/var.go b/operator/internal/manifests/storage/var.go index 3451bd8b9e..1e2470b4d6 100644 --- a/operator/internal/manifests/storage/var.go +++ b/operator/internal/manifests/storage/var.go @@ -7,6 +7,8 @@ const ( EnvAlibabaCloudAccessKeyID = "ALIBABA_CLOUD_ACCESS_KEY_ID" // EnvAlibabaCloudAccessKeySecret is the environment variable to specify the AlibabaCloud client secret to access S3. EnvAlibabaCloudAccessKeySecret = "ALIBABA_CLOUD_ACCESS_KEY_SECRET" + // EnvAWSRegion configures the AWS region the client uses for operations. + EnvAWSRegion = "AWS_REGION" // EnvAWSAccessKeyID is the environment variable to specify the AWS client id to access S3. EnvAWSAccessKeyID = "AWS_ACCESS_KEY_ID" // EnvAWSAccessKeySecret is the environment variable to specify the AWS client secret to access S3.