[FEATURE] - Update docs to demo how to leverage IAM Task Roles for ECS #103

@claylevering

Is your feature request related to a problem? Please describe.
The documentation today is nice and comprehensive as long as you're using the standard credential provider (ENV variables / etc.). However, when placed into an ECS task using IAM Task Roles for credential and authorization it seems that the CloudwatchLogsClient doesn't seem to pick the credentials up as expected. As far as I can see, this is by no fault of this library.

Failing to provide credentials in other instances of the PHP SDK (at least in our other implementations) simply "works" with the SDK but for some reason CW likes to fail with the following error:

Credentials must be an instance of Aws\\Credentials\\CredentialsInterface, an associative array that contains \"key\", \"secret\", and an optional \"token\" key-value pairs, a credentials provider function, or false."

Of course, being tricksy you could help manually resolve this scenario by leveraging the AWS_CONTAINER_CREDENTIALS_RELATIVE_URI env / etc. but we found that longer queue workers would eventually end up failing with cached tokens that would expire before the job executed (might be solved in a newer version of Laravel - we're on 6).

For our solution, we leveraged this documentation from AWS and their examples, and I was able to resolve issues with being unable to push CW logs after a certain period of time:

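```php
use Aws\CloudWatchLogs\CloudWatchLogsClient;
use Aws\Credentials\CredentialProvider;

// Fetch credentials from the ECS task role (container credentials endpoint).
$provider = CredentialProvider::ecsCredentials();

$sdkParams = [
    'region' => env('AWS_DEFAULT_REGION', 'us-west-2'),
    'version' => 'latest',
    // memoize() caches the credentials and calls the provider again once they expire.
    'credentials' => CredentialProvider::memoize($provider)
];

$client = new CloudWatchLogsClient($sdkParams);
```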

Describe the solution you'd like
Include this information in the README

Describe alternatives you've considered
Provide an alternative that is better suited?
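
The expiry behaviour described in this issue, as an added example that is not part of the original post or of the library: a constructed stand-in for `CredentialProvider::ecsCredentials()` issues fake credentials that expire after 2 seconds, and the script compares a credentials object held from worker boot with what a memoized provider returns later. It assumes `aws/aws-sdk-php` is installed via Composer; the provider, key names and lifetime are hypothetical, and no network calls are made.

```php
<?php
// Added example; requires aws/aws-sdk-php (Composer). Runs offline.
require 'vendor/autoload.php';

use Aws\Credentials\CredentialProvider;
use Aws\Credentials\Credentials;
use GuzzleHttp\Promise\Create;

// Constructed stand-in for CredentialProvider::ecsCredentials(): every call
// "fetches" a new set of fake task-role credentials valid for 2 seconds.
$fetches = 0;
$fakeTaskRoleProvider = function () use (&$fetches) {
    $fetches++;
    return Create::promiseFor(new Credentials(
        "EXAMPLEKEY{$fetches}",   // constructed access key id
        'example-secret',         // constructed secret
        'example-session-token',  // constructed session token
        time() + 2                // expiry as a Unix timestamp
    ));
};

// The memoized provider is what gets passed as 'credentials' to the client.
$memoized = CredentialProvider::memoize($fakeTaskRoleProvider);

// A long-running worker that resolves credentials once at boot and keeps the
// resulting object (or a key/secret/token array built from it) holds this:
$heldFromBoot = $memoized()->wait();

// A second resolution inside the validity window is served from the cache.
$memoized()->wait();
printf("fetches inside validity window: %d\n", $fetches);

// Simulate a queue job that starts after the credentials have expired.
sleep(3);

printf("held-from-boot key %s expired: %s\n",
    $heldFromBoot->getAccessKeyId(),
    $heldFromBoot->isExpired() ? 'yes' : 'no');

// The memoized provider notices the expiry and calls the provider again.
$fresh = $memoized()->wait();
printf("memoized key %s expired: %s (total fetches: %d)\n",
    $fresh->getAccessKeyId(),
    $fresh->isExpired() ? 'yes' : 'no',
    $fetches);
```

Passing the memoized provider itself to the client, rather than values resolved from it once, is what lets the SDK pick up rotated task-role credentials on later requests.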
