EKS adot to AWS Managed Prometheus remote write in another account

0

I followed the tutorial here (https://docs.aws.amazon.com/eks/latest/userguide/deploy-deployment.html) and it works well when the prometheus remote write is on the same account than the EKS Now I have a separate account for EKS and Managed Prometheus, so I need to assume a role to be able to write to the prometheus remote write. I used this yaml https://raw.githubusercontent.com/aws-observability/aws-otel-community/master/sample-configs/operator/collector-config-amp.yaml And I modified the extensions/sigv4auth like this :

apiVersion: opentelemetry.io/v1alpha1
kind: OpenTelemetryCollector
metadata:
  name: my-collector-amp
spec:
  mode: deployment
  serviceAccount: adot-collector
  podAnnotations:
    prometheus.io/scrape: 'true'
    prometheus.io/port: '8888'
  config: |
    extensions:
      sigv4auth:
        assume_role:
          arn: "arn:aws:iam::1234567890:role/prometheus_remote_write_assumerole"
        region: "us-west-2"
        service: "aps"

Got that error : Error: failed to get config: invalid configuration: extension "sigv4auth" has invalid configuration: bad AWS credentials 2022/09/08 13:57:32 application run finished with error: failed to get config: invalid configuration: extension "sigv4auth" has invalid configuration: bad AWS credentials

1 Answer
0

Assuming you are using ADOT for EKS add-ons, we expect the next release shortly, and the error messaging here will be improved, providing you more context to resolve your issue.

AWS
hsuehe
answered 2 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions