Document the Lack of SigV4 Support #47

Merged
merged 5 commits into from
Mar 26, 2024
6 changes: 6 additions & 0 deletions README.md
Expand Up @@ -31,6 +31,7 @@ The Prometheus Connector receives and sends time series data between Prometheus
- [Limitations](#limitations)
- [Maximum Prometheus Samples Per Remote Write Request](#maximum-prometheus-samples-per-remote-write-request)
- [Caveats](#caveats)
- [Unsupported SigV4 Authentication](#unsupported-sigv4-authentication)
- [Unsupported Temporary Security Credentials](#unsupported-temporary-security-credentials)
- [Unsupported RE2 Syntax](#unsupported-re2-syntax)
- [Inaccurate Prometheus Metrics](#inaccurate-prometheus-metrics)
Expand Down Expand Up @@ -1026,6 +1027,11 @@ It is recommended to use the default value for `max_samples_per_send` in Prometh

# Caveats

### Unsupported SigV4 Authentication
Prometheus supports SigV4 for the `remote_write` protocol with limitations and lacks SigV4 support for the `remote_read` protocol. With the deployment method of the `Prometheus Connector` being a lambda function, the `service` portion of the SigV4 header must be set to the value `execute-api`. Prometheus hard-codes this value to `aps`, limiting SigV4 support to Amazon Managed Service for Prometheus. Integrating SigV4 support will require `remote_read` SigV4 support added and configuration settings for the `service` portion of the SigV4 header integrated with [Prometheus](https://github.com/prometheus/prometheus). See [issue 1](https://github.com/awslabs/amazon-timestream-connector-prometheus/issues/33) for tracking the integration of this feature with the `Prometheus Connector`, and please leave a comment if this is a feature you wish to be added to the repository.

If SigV4 is required, SigV4 authentication is possible by running Prometheus with a [sidecar](https://github.com/awslabs/aws-sigv4-proxy). This will require enabling IAM authentication for the APIGateway deployment, which is not covered in the `Prometheus Connector` documentation.

### Unsupported Temporary Security Credentials

All Prometheus requests sent to the Prometheus Connector will be authorized through the AWS SDK for Go. The Prometheus Connector only supports passing the IAM user access key and the IAM user secret access key through the basic authentication header.
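
Review bot: the link text "issue 1" in the first added paragraph targets `issues/33`, so the label and the destination disagree; use "issue #33" as the link text so readers can match it to the tracker. The claim that Prometheus hard-codes the `service` value to `aps` describes upstream behaviour that can change, so link the Prometheus issue or source location it is based on. The sidecar paragraph says IAM authentication on the "APIGateway" deployment is not covered, but does not say what a reader gets without it; the context line below states that the connector takes the IAM user access key and secret access key through the basic authentication header, and a sentence pointing to that from this section would make the non-SigV4 default explicit. Minor: add a blank line after the `### Unsupported SigV4 Authentication` heading to match the section that follows, and write "AWS Lambda function" and "API Gateway".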