From f026d03abf05f47272dd64de13384db6a7886faf Mon Sep 17 00:00:00 2001
From: John DiSanti <jdisanti@amazon.com>
Date: Mon, 5 Dec 2022 11:16:20 -0800
Subject: [PATCH 1/4] Add `info` event for credentials cache miss

---
 .../src/meta/credentials/lazy_caching.rs       | 18 ++++++++++++------
 1 file changed, 12 insertions(+), 6 deletions(-)

diff --git a/aws/rust-runtime/aws-config/src/meta/credentials/lazy_caching.rs b/aws/rust-runtime/aws-config/src/meta/credentials/lazy_caching.rs
index 457d6b91891..a3e13c431e6 100644
--- a/aws/rust-runtime/aws-config/src/meta/credentials/lazy_caching.rs
+++ b/aws/rust-runtime/aws-config/src/meta/credentials/lazy_caching.rs
@@ -6,11 +6,11 @@
 //! Lazy, caching, credentials provider implementation
 
 use std::sync::Arc;
-use std::time::Duration;
+use std::time::{Duration, Instant};
 
 use aws_smithy_async::future::timeout::Timeout;
 use aws_smithy_async::rt::sleep::AsyncSleep;
-use tracing::{trace_span, Instrument};
+use tracing::{debug, info, info_span, Instrument};
 
 use aws_types::credentials::{future, CredentialsError, ProvideCredentials};
 use aws_types::os_shim_internal::TimeSource;
@@ -77,16 +77,17 @@ impl ProvideCredentials for LazyCachingCredentialsProvider {
         future::ProvideCredentials::new(async move {
             // Attempt to get cached credentials, or clear the cache if they're expired
             if let Some(credentials) = cache.yield_or_clear_if_expired(now).await {
-                tracing::debug!("loaded credentials from cache");
+                debug!("loaded credentials from cache");
                 Ok(credentials)
             } else {
                 // If we didn't get credentials from the cache, then we need to try and load.
                 // There may be other threads also loading simultaneously, but this is OK
                 // since the futures are not eagerly executed, and the cache will only run one
                 // of them.
-                let span = trace_span!("lazy_load_credentials");
+                let span = info_span!("lazy_load_credentials");
                 let future = Timeout::new(loader.provide_credentials(), timeout_future);
-                cache
+                let start_time = Instant::now();
+                let result = cache
                     .get_or_load(|| {
                         async move {
                             let credentials = future.await.map_err(|_err| {
@@ -102,7 +103,12 @@ impl ProvideCredentials for LazyCachingCredentialsProvider {
                         // is opened if the cache decides not to execute it.
                         .instrument(span)
                     })
-                    .await
+                    .await;
+                info!(
+                    "credentials cache miss occurred; retrieved new AWS credentials (took {:?})",
+                    start_time.elapsed()
+                );
+                result
             }
         })
     }

From 717072b6b358ffd0d404677f1e90c6f059502524 Mon Sep 17 00:00:00 2001
From: John DiSanti <jdisanti@amazon.com>
Date: Mon, 5 Dec 2022 11:17:29 -0800
Subject: [PATCH 2/4] Remove duplicate credential provider spans

These spans are handled more generically in the default chain.
---
 aws/rust-runtime/aws-config/src/profile/credentials.rs | 5 +----
 aws/rust-runtime/aws-config/src/web_identity_token.rs  | 5 -----
 2 files changed, 1 insertion(+), 9 deletions(-)

diff --git a/aws/rust-runtime/aws-config/src/profile/credentials.rs b/aws/rust-runtime/aws-config/src/profile/credentials.rs
index 31908c0dbd8..9aecd80cffa 100644
--- a/aws/rust-runtime/aws-config/src/profile/credentials.rs
+++ b/aws/rust-runtime/aws-config/src/profile/credentials.rs
@@ -46,10 +46,7 @@ impl ProvideCredentials for ProfileFileCredentialsProvider {
     where
         Self: 'a,
     {
-        future::ProvideCredentials::new(self.load_credentials().instrument(tracing::debug_span!(
-            "load_credentials",
-            provider = %"Profile"
-        )))
+        future::ProvideCredentials::new(self.load_credentials())
     }
 }
 
diff --git a/aws/rust-runtime/aws-config/src/web_identity_token.rs b/aws/rust-runtime/aws-config/src/web_identity_token.rs
index b1edaec822b..c1238764e85 100644
--- a/aws/rust-runtime/aws-config/src/web_identity_token.rs
+++ b/aws/rust-runtime/aws-config/src/web_identity_token.rs
@@ -71,7 +71,6 @@ use aws_types::credentials::{self, future, CredentialsError, ProvideCredentials}
 use aws_types::os_shim_internal::{Env, Fs};
 use std::borrow::Cow;
 use std::path::{Path, PathBuf};
-use tracing::Instrument;
 
 const ENV_VAR_TOKEN_FILE: &str = "AWS_WEB_IDENTITY_TOKEN_FILE";
 const ENV_VAR_ROLE_ARN: &str = "AWS_ROLE_ARN";
@@ -161,10 +160,6 @@ impl WebIdentityTokenCredentialsProvider {
             &conf.role_arn,
             &conf.session_name,
         )
-        .instrument(tracing::debug_span!(
-            "load_credentials",
-            provider = "WebIdentityToken"
-        ))
         .await
     }
 }

From 9ad65eff614a40963733ce7d809a40323b69e1e3 Mon Sep 17 00:00:00 2001
From: John DiSanti <jdisanti@amazon.com>
Date: Mon, 5 Dec 2022 11:26:33 -0800
Subject: [PATCH 3/4] Touch up some credentials events/spans

---
 aws/rust-runtime/aws-config/src/imds/credentials.rs | 2 +-
 aws/rust-runtime/aws-config/src/sts/assume_role.rs  | 4 +---
 2 files changed, 2 insertions(+), 4 deletions(-)

diff --git a/aws/rust-runtime/aws-config/src/imds/credentials.rs b/aws/rust-runtime/aws-config/src/imds/credentials.rs
index 7c4e3eb8e35..41f8d75ed60 100644
--- a/aws/rust-runtime/aws-config/src/imds/credentials.rs
+++ b/aws/rust-runtime/aws-config/src/imds/credentials.rs
@@ -152,7 +152,7 @@ impl ImdsCredentialsProvider {
             Err(ImdsError::ErrorResponse(context))
                 if context.response().status().as_u16() == 404 =>
             {
-                tracing::info!(
+                tracing::warn!(
                     "received 404 from IMDS when loading profile information. \
                     Hint: This instance may not have an IAM role associated."
                 );
diff --git a/aws/rust-runtime/aws-config/src/sts/assume_role.rs b/aws/rust-runtime/aws-config/src/sts/assume_role.rs
index 680226f03c8..a9e8a5bbe85 100644
--- a/aws/rust-runtime/aws-config/src/sts/assume_role.rs
+++ b/aws/rust-runtime/aws-config/src/sts/assume_role.rs
@@ -235,8 +235,6 @@ impl AssumeRoleProviderBuilder {
 
 impl Inner {
     async fn credentials(&self) -> credentials::Result {
-        tracing::info!("assuming role");
-
         tracing::debug!("retrieving assumed credentials");
         let op = self
             .op
@@ -281,7 +279,7 @@ impl ProvideCredentials for Inner {
     {
         future::ProvideCredentials::new(
             self.credentials()
-                .instrument(tracing::info_span!("assume_role")),
+                .instrument(tracing::debug_span!("assume_role")),
         )
     }
 }

From 216d867ba1074d7d247e5595ccb2d397163dbaf2 Mon Sep 17 00:00:00 2001
From: John DiSanti <jdisanti@amazon.com>
Date: Mon, 5 Dec 2022 13:18:08 -0800
Subject: [PATCH 4/4] Update changelog

---
 CHANGELOG.next.toml | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/CHANGELOG.next.toml b/CHANGELOG.next.toml
index c7a74a8cdef..d33fcdbac47 100644
--- a/CHANGELOG.next.toml
+++ b/CHANGELOG.next.toml
@@ -625,3 +625,9 @@ message = "Implementation of the Debug trait for container shapes now redacts wh
 references = ["smithy-rs#1983", "smithy-rs#2029"]
 meta = { "breaking" = true, "tada" = false, "bug" = false, "target" = "all" }
 author = "ysaito1001"
+
+[[aws-sdk-rust]]
+message = "Log an `info` on credentials cache miss and adjust level of some credential `tracing` spans/events."
+references = ["smithy-rs#2062"]
+meta = { "breaking" = false, "tada" = false, "bug" = false }
+author = "jdisanti"