cloudwatch_exporter icon indicating copy to clipboard operation
cloudwatch_exporter copied to clipboard

Published 20 hours ago verified publisher icon prometheus

STS and Custom Cloudwatch Endpoints

Open mrazavi32 opened this issue 6 years ago • 5 comments

Does the Cloudwatch exporter support the use of temp credentials/Security Token Service and C2S endpoints (non-public AWS endpoints)?

mrazavi32 avatar May 09 '19 12:05 mrazavi32

I'm pretty sure it doesn't. Would you accept a PR that adds this feature?

jscheid avatar Oct 19 '19 05:10 jscheid

Per https://docs.aws.amazon.com/sdk-for-java/v1/developer-guide/credentials.html it should be possible via file.

brian-brazil avatar Oct 21 '19 09:10 brian-brazil

Thanks for the link but I can't see immediately what you're referring to. I'd like to point at a custom http URL, but I think https://github.com/prometheus/cloudwatch_exporter/blob/cbe73e796998012504485bc3f01298b6403d4615/src/main/java/io/prometheus/cloudwatch/CloudWatchCollector.java#L225 means that the URL is always derived from the region and always using https. Am I missing something?

jscheid avatar Oct 21 '19 19:10 jscheid

@jscheid is this still an issue? would like to elaborate a little more?

or-shachar avatar Jun 23 '22 15:06 or-shachar

I am wary of allowing users to override (potentially security relevant) endpoints. Under what circumstances is this necessary? The exporter uses a few different APIs; would the user have to provide URLs to all of them, or is there any higher-level setting that would allow achieving this intention less verbosely?

matthiasr avatar Jul 08 '22 10:07 matthiasr