Conjur OSS AWS Credential Rotator Logs

So we’ve been using Conjur-OSS for some time now, primarily to help with rotating AWS credentials, which has worked fine previously. But recently we noticed that the rotations has failed silently, and has done so for quite a long time, with no log messages that we could find as to why.

So I’m wondering, should there be logs printed about the rotator failure? Do we need to tweak the log-level (didn’t find if that was possible with OSS, though the Enterprise version said you could set a environment variable for it)?

We’ve verified that the User who owns the credentials has the three necessary IAM permissions to rotate its own credentials, and we’ve verified that the region, access-key-id and secret-access-key are valid and working, according to Rotate secrets

Any tips for further troubleshooting?