Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ec2 service discovery works incorrectly #771

Closed
f41gh7 opened this issue Sep 16, 2020 · 2 comments
Closed

ec2 service discovery works incorrectly #771

f41gh7 opened this issue Sep 16, 2020 · 2 comments
Assignees
@f41gh7
Labels
bug Something isn't working vmagent

Comments

@f41gh7
Copy link
Contributor

f41gh7 commented Sep 16, 2020

Describe the bug

vmagent doesn't support all prometheus ec2_sd_config features.

With prometheus ec2_sd_config is possible to use following auth methods in addition to AWS_KEY and AWS_SECRET vars:

  • role_arn - sets explicit at ec2_sd_config
  • instance iam role - sets implicit, when iam role assigned to ec2 instance and AWS_KEY with AWS_SECRET configuration isn't set.

To Reproduce
based on this article
Assign iam role to instance and create following configuration:

scrape_configs:
  - job_name: 'node'
    ec2_sd_configs:
      - region: eu-west-1
    # Discover instances in account 111111111111
    - port: 9100
      role_arn: arn:aws:iam::111111111111:role/prometheus-assume-role-PrometheusAssumeRole-KJ4TK9KJBPU7

with prometheus it works, vmagent returns error:
missing `access_key` in AWS_ACCESS_KEY_ID env var; probably, `access_key` must be set in `ec2_sd_config`?

Expected behavior

ec2_sd_config must return instances for scraping.

Version
1.41.0
@f41gh7 f41gh7 added bug Something isn't working vmagent labels Sep 16, 2020
@f41gh7 f41gh7 self-assigned this Sep 16, 2020
@f41gh7 f41gh7 mentioned this issue Sep 17, 2020
Merged
valyala pushed a commit that referenced this issue Sep 21, 2020
@f41gh7 @hagen1778
Add improvements to ec2_sd_discovery (#775)
312fead 
* Add improvements to ec2 discovery

#771

 role_arn support with aws sts
 instance iam_role support
 refreshing temporary tokens

* Apply suggestions from code review

Co-authored-by: Roman Khavronenko <hagen1778@gmail.com>

* changed implementation, removed tests, clean up code

* moved endpoint builder into getEC2APIResponse

Co-authored-by: Roman Khavronenko <hagen1778@gmail.com>
@valyala
Copy link
Collaborator

valyala commented Sep 21, 2020

vmagent should be able to work properly with role_arn starting from the commit 312fead . This commit will be included in the next release.

valyala added a commit that referenced this issue Sep 21, 2020
@valyala
lib/promscrape/discovery/ec2: code prettifying after 312fead
964bc75 
Updates #771
valyala pushed a commit that referenced this issue Sep 21, 2020
@f41gh7 @hagen1778 @valyala
Add improvements to ec2_sd_discovery (#775)
0069353 
* Add improvements to ec2 discovery

#771

 role_arn support with aws sts
 instance iam_role support
 refreshing temporary tokens

* Apply suggestions from code review

Co-authored-by: Roman Khavronenko <hagen1778@gmail.com>

* changed implementation, removed tests, clean up code

* moved endpoint builder into getEC2APIResponse

Co-authored-by: Roman Khavronenko <hagen1778@gmail.com>
@valyala
Copy link
Collaborator

valyala commented Sep 23, 2020

FYI, support for role_arn and EC2 instance tokens has been included in v1.41.1. Closing this bug as fixed.

@valyala valyala closed this as completed Sep 23, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@f41gh7 f41gh7

Labels
bug Something isn't working vmagent
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@valyala @f41gh7