[exporter/awscloudwatchlogsexporter] add external id config for role assumption (#38062)
<!--Ex. Fixing a bug - Describe the bug and how this fixes the issue.
Ex. Adding a feature - Explain what this achieves.-->
#### Description
When assuming a role in an external AWS account, there are cases where
it's desirable to have an external id in the role assumption trust
policy. This pull request adds external id as an optional parameter
when role assumption is used to retrieve AWS credentials.
This is reopening this
[pr](#36725)
<!-- Issue number (e.g. #1234) or full URL to issue, if applicable. -->
#### Link to tracking issue
Fixes
<!--Describe what testing was performed and which tests were added.-->
#### Testing
<!--Describe the documentation added.-->
#### Documentation
<!--Please delete paragraphs that you did not use before submitting.-->
exporter/awscloudwatchlogsexporter/README.md
Lines changed: 34 additions & 9 deletions
@@ -21,17 +21,19 @@ NOTE: OpenTelemetry Logging support is experimental, hence this exporter is subj
21
21
22
22
The following settings are required:
23
23
24
-
-`log_group_name`: The group name of the CloudWatch Logs. If it does not exist it will be created automatically.
24
+
-`log_group_name`: The group name of the CloudWatch Logs. If it does not exist it will be created automatically.
25
25
-`log_stream_name`: The stream name of the CloudWatch Logs. If it does not exist it will be created automatically.
26
26
27
27
The following settings can be optionally configured:
28
28
29
29
-`region`: The AWS region where the log stream is in. Region must be specified if it is not already set in the default credential chain.
30
30
-`endpoint`: The CloudWatch Logs service endpoint which the requests are forwarded to. [See the CloudWatch Logs endpoints](https://docs.aws.amazon.com/general/latest/gr/cwl_region.html) for a list.
31
-
-`log_retention`: LogRetention is the option to set the log retention policy for only newly created CloudWatch Log Groups. Defaults to Never Expire if not specified or set to 0. Possible values for retention in days are 1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, 1827, 2192, 2557, 2922, 3288, or 3653.
32
-
-`tags`: Tags is the option to set tags for the CloudWatch Log Group. If specified, please add at most 50 tags. Input is a string to string map like so: { 'key': 'value' }. Keys must be between 1-128 characters and follow the regex pattern: `^([\p{L}\p{Z}\p{N}_.:/=+\-@]+)$`(alphanumerics, whitespace, and _.:/=+-!). Values must be between 1-256 characters and follow the regex pattern: `^([\p{L}\p{Z}\p{N}_.:/=+\-@]*)$`(alphanumerics, whitespace, and _.:/=+-!).[Link to tagging restrictions](https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_CreateLogGroup.html#:~:text=Required%3A%20Yes-,tags,-The%20key%2Dvalue)
31
+
-`log_retention`: LogRetention is the option to set the log retention policy for only newly created CloudWatch Log Groups. Defaults to Never Expire if not specified or set to 0. Possible values for retention in days are 1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, 1827, 2192, 2557, 2922, 3288, or 3653.
32
+
-`tags`: Tags is the option to set tags for the CloudWatch Log Group. If specified, please add at most 50 tags. Input is a string to string map like so: { 'key': 'value' }. Keys must be between 1-128 characters and follow the regex pattern: `^([\p{L}\p{Z}\p{N}_.:/=+\-@]+)$`(alphanumerics, whitespace, and _.:/=+-!). Values must be between 1-256 characters and follow the regex pattern: `^([\p{L}\p{Z}\p{N}_.:/=+\-@]\*)$`(alphanumerics, whitespace, and \_.:/=+-!). [Link to tagging restrictions](https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_CreateLogGroup.html#:~:text=Required%3A%20Yes-,tags,-The%20key%2Dvalue)
33
33
-`raw_log`: Boolean default false. If set to true, only the log message will be exported to CloudWatch Logs. This needs to be set to true for [EMF logs](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch_Embedded_Metric_Format_Specification.html).
34
-
-`sending_queue`: [Parameters for the sending queue](https://github.com/open-telemetry/opentelemetry-collector/blob/main/exporter/exporterhelper/README.md), where you can control parallelism and the size of the sending buffer. Obs.: this component will always have a sending queue enabled.
34
+
-`role_arn`: IAM role to upload logs to a different account.
35
+
-`external_id`: Shared identitier used when assuming an IAM role in an external AWS account. [See AWS IAM Guide](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_common-scenarios_third-party.html#id_roles_third-party_external-id)
36
+
-`sending_queue`: [Parameters for the sending queue](https://github.com/open-telemetry/opentelemetry-collector/blob/main/exporter/exporterhelper/README.md), where you can control parallelism and the size of the sending buffer. Obs.: this component will always have a sending queue enabled.
35
37
-`num_consumers`: Number of consumers that will consume from the sending queue. This parameter controls how many consumers will consume from the sending queue in parallel.
36
38
-`queue_size`: Maximum number of batches kept in memory before dropping; ignored if enabled is false
37
39
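Review bot: The new `external_id` entry misspells "identifier" as "identitier", and neither it nor the new `role_arn` entry says how the two relate. The commit message describes the external id as optional "when role assumption is used", so the README should say that `external_id` is only meaningful together with `role_arn`, and what happens if it is set without one. Separately, the rewritten `tags` line now reads `]\*)$` inside the backticked values pattern where the removed line had `]*)$`; inside a code span the backslash is literal, so the documented regex changes meaning. That looks like formatter output and should be reverted to the unescaped form.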
@@ -57,15 +59,38 @@ exporters:
57
59
region: "us-east-1"
58
60
endpoint: "logs.us-east-1.amazonaws.com"
59
61
log_retention: 365
60
-
tags: { 'sampleKey': 'sampleValue'}
62
+
tags: { "sampleKey": "sampleValue" }
61
63
```
62
64
63
-
## Additional Notes
65
+
## Additional Notes
64
66
65
67
- If the log group and/or log stream are specified in an EMF log, that EMF log will be exported to that log group and/or log stream (i.e. ignores the log group and log stream defined in the configuration)
66
68
- The log group and log stream will also be created automatically if they do not already exist.
67
-
- Example of an EMF log with log group and log stream:
69
+
- Example of an EMF log with log group and log stream:
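Review bot: The example configuration ending at `tags: { "sampleKey": "sampleValue" }` still shows no `role_arn` with `external_id`, so a reader has no sample of the cross-account setup this change documents; consider adding both keys to the example with placeholder values. The visible changes here (quote style on `tags`, and the `## Additional Notes` heading and list item re-added with identical text) are formatting only, while the hunk header grows the section from 15 to 38 lines; it would be easier to review if the reformatting were a separate commit from the feature documentation.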
exporter/awsemfexporter/README.md
Lines changed: 1 addition & 0 deletions
@@ -39,6 +39,7 @@ The following exporter configuration parameters are supported.
39
39
|`proxy_address`| Upload Structured Logs to AWS CloudWatch through a proxy. ||
40
40
|`region`| Send Structured Logs to AWS CloudWatch in a specific region. If this field is not present in config, environment variable "AWS_REGION" can then be used to set region. | determined by metadata |
41
41
|`role_arn`| IAM role to upload segments to a different account. ||
42
+
|`external_id`| Shared identitier used when assuming an IAM role in an external AWS account. ||
42
43
|`max_retries`| Maximum number of retries before abandoning an attempt to post data. | 1 |
43
44
| `dimension_rollup_option` | DimensionRollupOption is the option for metrics dimension rollup. Three options are available: `NoDimensionRollup`, `SingleDimensionRollupOnly` and `ZeroAndSingleDimensionRollup`. The default value is `ZeroAndSingleDimensionRollup`. Enabling feature gate `awsemf.nodimrollupdefault` will set default to `NoDimensionRollup`. |"ZeroAndSingleDimensionRollup" (Enable both zero dimension rollup and single dimension rollup)|
44
45
|`resource_to_telemetry_conversion`| "resource_to_telemetry_conversion" is the option for converting resource attributes to telemetry attributes. It has only one config option- `enabled`. For metrics, if `enabled=true`, all the resource attributes will be converted to metric labels by default. See `Resource Attributes to Metric Labels` section below for examples. |`enabled=false`|
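Review bot: The added `external_id` row repeats the "identitier" misspelling and, unlike the matching entry in the awscloudwatchlogsexporter README, carries no link to the AWS IAM guide on external ids. Suggest fixing the spelling, adding the same link, and noting in the description that the value is used only when `role_arn` is set, since the row directly above is the only hint of that dependency.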