I followed the tutorial here (https://docs.aws.amazon.com/eks/latest/userguide/deploy-deployment.html) and it works well when the prometheus remote write is on the same account than the EKS
Now I have a separate account for EKS and Managed Prometheus, so I need to assume a role to be able to write to the prometheus remote write. I used this yaml https://raw.githubusercontent.com/aws-observability/aws-otel-community/master/sample-configs/operator/collector-config-amp.yaml
And I modified the extensions/sigv4auth like this :
apiVersion: opentelemetry.io/v1alpha1
kind: OpenTelemetryCollector
metadata:
name: my-collector-amp
spec:
mode: deployment
serviceAccount: adot-collector
podAnnotations:
prometheus.io/scrape: 'true'
prometheus.io/port: '8888'
config: |
extensions:
sigv4auth:
assume_role:
arn: "arn:aws:iam::1234567890:role/prometheus_remote_write_assumerole"
region: "us-west-2"
service: "aps"
Got that error :
Error: failed to get config: invalid configuration: extension "sigv4auth" has invalid configuration: bad AWS credentials
2022/09/08 13:57:32 application run finished with error: failed to get config: invalid configuration: extension "sigv4auth" has invalid configuration: bad AWS credentials
AWS OFFICIALAktualisiert vor 3 Jahren