Thanks @AvihaiSam . This seems like it may potentially point to an issue in the AWS SDK. The receive_messages call should wait up to poll_secs (default of 15) to return if there are no messages available. It may be worth trying to reproduce with just the Rust AWS SDK and, if you can reproduce it, file a bug upstream: https://github.com/awslabs/aws-sdk-rust

Hi @jszwedko. My understanding is that poll_secs only configures the WaitTimeSeconds parameter of the SQS RequestMessage honoured API side. We don't appear to have a way to configure a client request timeout, so
connectivity could be lost at the network level, the client never sees a RST or FIN and stalls. We've seen this a number of times making updates to our CNI.

I agree with @andjhop
@jszwedko i have opened a ticket at the sdk repo, they have suggested to set an operation_attempt_timeout on client's timeout_config, what do you think of that? It sounds like they implemented that on all types of clients, so it can be a generic config for all AWS sources/sinks for vector, optionally set to null if timeout not wanted.

I agree with @andjhop @jszwedko i have opened a ticket at the sdk repo, they have suggested to set an operation_attempt_timeout on client's timeout_config, what do you think of that? It sounds like they implemented that on all types of clients, so it can be a generic config for all AWS sources/sinks for vector, optionally set to null if timeout not wanted.

Good find! I think adding that attempt timeout would make sense to have the client timeout if it receives no response. I agree it could be a generic setting supported by all AWS components. I think it could be configured around here:

Actually, I see we already have a config option for some components that could maybe be used here: https://vector.dev/docs/reference/configuration/sinks/aws_s3/#request.timeout_secs. We maybe just need to expose that on AWS sources too.

@jszwedko I will try that, but it states that the default value is 60s, which if was true - i wouldn't have found this issue in the first place... maybe it doesn't apply for any aws-sdk requests...

well... I get

Configuration error. error=unknown field `request`

when I try to add that:

sources:
  s3:
    ...
    request:
      timeout_secs: 15

so I guess it's not really working...

I don't think @jszwedko was suggesting that this should already work, rather that this configuration could perhaps be made available for AWS sources as it already is for sinks. The problem I see is that the request configuration already maps closely to Tower middleware which, if I understand correctly, isn't relevant to the aws_s3 source.

Right, yeah, sources don't have the same request options that sinks do which, as @andjhop points out, are closely tied to Tower. I think we could just add request.timeout_secs for sources that make requests though (like aws_s3).

oooh.... I thought I was looking at the source aws_s3...
well, I guess this might work...

That sounds good, although it seems reasonable that a user might want finer grain control over the settings the SDK client already allows for; here we have the ability to configure the connect timeout, read timeout, operation and operation attempt timeouts. Also considering #15518 which already exposed some of these settings for IMDS requests, introducing imds.connect_timeout_seconds and imds.read_timeout_seconds.

Agreed, some of those settings (operation and operation attempt timeouts) are AWS specific so it could make sense to expose them under AWS-specific options like request.aws.operation_timeout. Connect and read timeouts are general enough that we could consider supporting them on any component that makes HTTP requests assuming hyper, the HTTP crate we use, supports them. We could start with just supporting them on AWS components though.

OK, so request.{connect,read}_timeout_seconds and request.aws.operation_{attempt_,}timeout_seconds} then? And should we have the optional IMDS settings default to these if not configured? I'm happy to attempt the necessary changes.

OK, so request.{connect,read}_timeout_seconds and request.aws.operation_{attempt_,}timeout_seconds} then? And should we have the optional IMDS settings default to these if not configured? I'm happy to attempt the necessary changes.

That all sounds right to me! Agreed with having the IMDS fallback to those.

If you only need the timeout for SQS long polling, then I recommend only setting it for that specific operation in the operation's config override. It's pretty difficult to come up with an operation timeout value that works across different AWS services, since some operations are expected to take longer than others (for example, downloading a large file from S3).

Thank you, that makes sense. I've made a pull request for an optional timeout configuration on the S3 source for S3 and SQS operations, the exact naming and structure to be decided.

hey guys, I've compiled the code from @andjhop's PR and run it.
there's still an issue in py pipeline, didn't have enough time to investigate it, not sure if it's related to aws-s3-source but I think it is.

right after the the pod starts there's several (5 in this specific case)

2024-03-20T17:44:25.714865Z INFO source{component_kind="source" component_id=s3 component_type=aws_s3}:invoke{service=s3 operation=GetObject}:try_op:try_attempt:lazy_load_identity: aws_smithy_runtime::client::identity::cache::lazy: identity cache miss occurred; added new identity (took 110.795221ms) new_expiration=2024-03-20T18:44:25Z valid_for=3599.285135873s partition=IdentityCachePartition(7)

logs, and right after that nothing more.
on debug logs i can see that after several more logs there's no more reference for aws-s3 source in any of the logs.

i will try to investigate it further...

hey guys, I've compiled the code from @andjhop's PR and run it. there's still an issue in py pipeline, didn't have enough time to investigate it, not sure if it's related to aws-s3-source but I think it is.

right after the the pod starts there's several (5 in this specific case)

2024-03-20T17:44:25.714865Z INFO source{component_kind="source" component_id=s3 component_type=aws_s3}:invoke{service=s3 operation=GetObject}:try_op:try_attempt:lazy_load_identity: aws_smithy_runtime::client::identity::cache::lazy: identity cache miss occurred; added new identity (took 110.795221ms) new_expiration=2024-03-20T18:44:25Z valid_for=3599.285135873s partition=IdentityCachePartition(7)

logs, and right after that nothing more. on debug logs i can see that after several more logs there's no more reference for aws-s3 source in any of the logs.

i will try to investigate it further...

Thanks for taking a look at that. Just to confirm, you don't see that issue on master?

@jszwedko - I actually see no difference between master and PR. Though I believe the PR is legit and should be working...

@jszwedko - I actually see no difference between master and PR. Though I believe the PR is legit and should be working...

Gotcha, I think I misread your question before. I see that you expect to see the behavior on master, without this PR, but expected this PR to fix it. I would try running with debug logs enabled and see if anything jumps out.

Is that related? I didn't expect for this fix to affect or resolve anything related to the identity cache.