Add ability to sign requests for all AWS services #380
Conversation
|
Is it relevant for Prometheus?
Le mar. 17 mai 2022, 13:37, Boris Petersen ***@***.***> a
écrit :
… This add the ability to utilize sigv4 signing for all AWS services not
just "aps". When the newly introduced property "service" is not set in
config it will default to "aps".
I found it hard to think of a way to test this. When you have ideas,
please let me know.
------------------------------
You can view, comment on, or merge this pull request online at:
#380
Commit Summary
- 136f390
<136f390>
Add ability to sign requests for all AWS services
File Changes
(4 files <https://github.com/prometheus/common/pull/380/files>)
- *M* sigv4/sigv4.go
<https://github.com/prometheus/common/pull/380/files#diff-4e006712414e934530d8487ba2981f63c47376d5ccfa65789d3a278a79572113>
(19)
- *M* sigv4/sigv4_config.go
<https://github.com/prometheus/common/pull/380/files#diff-82b641e2da7df6266936d0e3cf689eda548940f5a5e55e9e1f281d3e381733f5>
(1)
- *M* sigv4/sigv4_config_test.go
<https://github.com/prometheus/common/pull/380/files#diff-a79f80041894f90d3a52ea2a2b9831dbf796a2158a6b7d58af42994f7d7fbe5e>
(7)
- *A* sigv4/testdata/sigv4_good_service.yaml
<https://github.com/prometheus/common/pull/380/files#diff-58f40f133128f874df38c9ca7a2097f6a9b4c47b78d46431b1af9eddf34d01a1>
(4)
Patch Links:
- https://github.com/prometheus/common/pull/380.patch
- https://github.com/prometheus/common/pull/380.diff
—
Reply to this email directly, view it on GitHub
<#380>, or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AACHHJXPJNI6WPZQEQHWHG3VKOAIBANCNFSM5WETXCYQ>
.
You are receiving this because you are subscribed to this thread.Message
ID: ***@***.***>
|
|
yes it is. I'd also had to change the documentation. |
|
hey, is there anything I can do? something that is missing? |
|
This patch enables users of your client library who operate Prometheus (or compatible services) on their own in AWS and want to protect the exposed endpoints with the help of AWS IAM instead of static http basic_auth credentials. We want to use AWS APIGateway for that, so the requests must be signed for the service 'execute-api' to be valid. But also other frontends (e.g. load balancers) are thinkable. Currently the signing process is tied to only support AWS Managed Service for Prometheus. This PR increases the flexibility of your users. |
This add the ability to utilize sigv4 signing for all AWS services not just "aps". When the newly introduced property "service" is not set in config it will default to "aps". Signed-off-by: Boris Petersen <[email protected]>
transacid
force-pushed
the
sigv4_service
branch
from
1748280
to
501d3ad
Compare
This add the ability to utilize sigv4 signing for all AWS services not
just "aps". When the newly introduced property "service" is not set in
config it will default to "aps".
I found it hard to think of a way to test this. When you have ideas, please let me know.