Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

vmagent: Support AWS's sigv4 signing process for remote_write #1287

Closed
chrissng opened this issue May 12, 2021 · 3 comments
Closed

vmagent: Support AWS's sigv4 signing process for remote_write #1287

chrissng opened this issue May 12, 2021 · 3 comments
Labels
enhancement New feature or request vmagent

Comments

@chrissng
Copy link

chrissng commented May 12, 2021
edited

Is your feature request related to a problem? Please describe.

I would like vmagent to be used as a standalone metric scraper that is able to write to any backend via the remote_write protocol, such as a managed service like the AWS Managed Service for Prometheus (AMP). vmagent is preferred over the prometheus server because it typically requires lower amounts of RAM, CPU and network bandwidth.

Describe the solution you'd like

Support the sigv4 AWS's Signature Verification 4 signing process. This should support writing metrics to AMP with sigv4 authentication. remote_write sigv4 configuration is specified here.

Some possible command-line flags could be:

-remoteWrite.sigv4Region
    Specifies the AWS region

-remoteWrite.sigv4Profile
    Specifies the AWS profile used to authenticate

-remoteWrite.sigv4RoleArn
    Specifies AWS Role ARN as an alternative to using AWS API keys

Describe alternatives you've considered

Additional context

AWS official doc on remote_write for AMP: here
@valyala valyala added enhancement New feature or request vmagent labels May 12, 2021
@f41gh7
Copy link
Contributor

f41gh7 commented May 12, 2021

Hello, as temporary workaround, its possible to use sigv4 proxy https://github.com/awslabs/aws-sigv4-proxy, configure it with needed params and point -remoteWrite.url=http://localhost:8080 - actual local address of sigv4 proxy.

@chrissng
Copy link
Author

@f41gh7 thanks for the info. This is useful and I think it should work. Will include this as an alternative

@f41gh7 f41gh7 mentioned this issue May 20, 2021
Closed
f41gh7 added a commit that referenced this issue Apr 12, 2022
@f41gh7
{lib/promscrape,app/vmagent}: adds sigv4 support for vmagent remoteWrite
cb4df9e 
moves aws related code into separate lib from lib/promscrape
it allows to write data from vmagent to the AWS managed prometheus (cortex)

#1287
@f41gh7 f41gh7 mentioned this issue Apr 12, 2022
Merged
valyala added a commit that referenced this issue May 4, 2022
@valyala
Merge branch 'public-single-node' into gh-1287
b8388fa
valyala added a commit that referenced this issue May 4, 2022
@f41gh7 @valyala
{lib/promscrape,app/vmagent}: adds sigv4 support for vmagent remoteWr…
d289ecd 
…ite (#2458)

* {lib/promscrape,app/vmagent}: adds sigv4 support for vmagent remoteWrite
moves aws related code into separate lib from lib/promscrape
it allows to write data from vmagent to the AWS managed prometheus (cortex)

#1287

* Apply suggestions from code review

* wip

Co-authored-by: Aliaksandr Valialkin <valyala@victoriametrics.com>
valyala added a commit that referenced this issue May 5, 2022
@valyala
lib/awsapi: pass filtersQueryString arg to GetEC2APIResponse() func…
d285c2f 
…tion, so the caller could decide whether to use the filters during the AWS API query

The filters shouldn't be passed to DescribeAvailabilityZones API call.
See #1626
Updates #1287

Related commits:
0e09fdb
d289ecd
valyala added a commit that referenced this issue May 5, 2022
@valyala
lib/awsapi: pass filtersQueryString arg to GetEC2APIResponse() func…
873f55b 
…tion, so the caller could decide whether to use the filters during the AWS API query

The filters shouldn't be passed to DescribeAvailabilityZones API call.
See #1626
Updates #1287

Related commits:
0e09fdb
d289ecd
@valyala
Copy link
Collaborator

valyala commented May 5, 2022

vmagent gained the ability to send data to -remoteWrite.url with sigv4 signature starting from v1.77.0. This can be done with the following command-line flags:

  -remoteWrite.aws.accessKey array
     Optional AWS AccessKey to use for -remoteWrite.url if -remoteWrite.aws.useSigv4 is set. If multiple args are set, then they are applied independently for the corresponding -remoteWrite.url
     Supports an array of values separated by comma or specified via multiple flags.
  -remoteWrite.aws.region array
     Optional AWS region to use for -remoteWrite.url if -remoteWrite.aws.useSigv4 is set. If multiple args are set, then they are applied independently for the corresponding -remoteWrite.url
     Supports an array of values separated by comma or specified via multiple flags.
  -remoteWrite.aws.roleARN array
     Optional AWS roleARN to use for -remoteWrite.url if -remoteWrite.aws.useSigv4 is set. If multiple args are set, then they are applied independently for the corresponding -remoteWrite.url
     Supports an array of values separated by comma or specified via multiple flags.
  -remoteWrite.aws.secretKey array
     Optional AWS SecretKey to use for -remoteWrite.url if -remoteWrite.aws.useSigv4 is set. If multiple args are set, then they are applied independently for the corresponding -remoteWrite.url
     Supports an array of values separated by comma or specified via multiple flags.
  -remoteWrite.aws.useSigv4 array
     Enables SigV4 request signing for -remoteWrite.url. It is expected that other -remoteWrite.aws.* command-line flags are set if sigv4 request signing is enabled. If multiple args are set, then they are applied independently for the corresponding -remoteWrite.url
     Supports array of values separated by comma or specified via multiple flags.

Closing the feature request as done.

@valyala valyala closed this as completed May 5, 2022
AndrewChubatiuk pushed a commit to AndrewChubatiuk/VictoriaMetrics that referenced this issue May 13, 2022
@f41gh7 @valyala
{lib/promscrape,app/vmagent}: adds sigv4 support for vmagent remoteWr…
e99bca5 
…ite (VictoriaMetrics#2458)

* {lib/promscrape,app/vmagent}: adds sigv4 support for vmagent remoteWrite
moves aws related code into separate lib from lib/promscrape
it allows to write data from vmagent to the AWS managed prometheus (cortex)

VictoriaMetrics#1287

* Apply suggestions from code review

* wip

Co-authored-by: Aliaksandr Valialkin <valyala@victoriametrics.com>
AndrewChubatiuk pushed a commit to AndrewChubatiuk/VictoriaMetrics that referenced this issue May 13, 2022
@valyala
lib/awsapi: pass filtersQueryString arg to GetEC2APIResponse() func…
59f3922 
…tion, so the caller could decide whether to use the filters during the AWS API query

The filters shouldn't be passed to DescribeAvailabilityZones API call.
See VictoriaMetrics#1626
Updates VictoriaMetrics#1287

Related commits:
0e09fdb
d289ecd
@transacid transacid mentioned this issue May 17, 2022
Merged
valyala added a commit that referenced this issue Aug 5, 2022
@valyala
lib/promscrape/discovery/ec2: properly handle custom endpoint optio…
f2816ef 
…n in ec2_sd_configs

This option was ignored since d289ecd

Updates #1287
valyala added a commit that referenced this issue Aug 5, 2022
@valyala
lib/promscrape/discovery/ec2: properly handle custom endpoint optio…
ecbe1dd 
…n in ec2_sd_configs

This option was ignored since d289ecd

Updates #1287
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request vmagent
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@valyala @chrissng @f41gh7