github-mirrors/prometheus
1
0
Fork 0
mirror of https://github.com/prometheus/prometheus synced 2026-05-01 07:30:30 +08:00
Code Issues Actions 4 Packages Projects Releases Wiki Activity

Merge pull request #17171 from bboreham/aws-external-id
Some checks failed
buf.build / lint and publish (push) Has been cancelled
Details
CI / Go tests (push) Has been cancelled
Details
CI / More Go tests (push) Has been cancelled
Details
CI / Go tests for Prometheus upgrades and downgrades (push) Has been cancelled
Details
CI / Go tests with previous Go version (push) Has been cancelled
Details
CI / UI tests (push) Has been cancelled
Details
CI / Go tests on Windows (push) Has been cancelled
Details
CI / Mixins tests (push) Has been cancelled
Details
CI / Compliance testing (push) Has been cancelled
Details
CI / Build Prometheus for common architectures (0) (push) Has been cancelled
Details
CI / Build Prometheus for common architectures (1) (push) Has been cancelled
Details
CI / Build Prometheus for common architectures (2) (push) Has been cancelled
Details
CI / Build Prometheus for all architectures (0) (push) Has been cancelled
Details
CI / Build Prometheus for all architectures (1) (push) Has been cancelled
Details
CI / Build Prometheus for all architectures (10) (push) Has been cancelled
Details
CI / Build Prometheus for all architectures (11) (push) Has been cancelled
Details
CI / Build Prometheus for all architectures (2) (push) Has been cancelled
Details
CI / Build Prometheus for all architectures (3) (push) Has been cancelled
Details
CI / Build Prometheus for all architectures (4) (push) Has been cancelled
Details
CI / Build Prometheus for all architectures (5) (push) Has been cancelled
Details
CI / Build Prometheus for all architectures (6) (push) Has been cancelled
Details
CI / Build Prometheus for all architectures (7) (push) Has been cancelled
Details
CI / Build Prometheus for all architectures (8) (push) Has been cancelled
Details
CI / Build Prometheus for all architectures (9) (push) Has been cancelled
Details
CI / Report status of build Prometheus for all architectures (push) Has been cancelled
Details
CI / Check generated parser (push) Has been cancelled
Details
CI / golangci-lint (push) Has been cancelled
Details
CI / fuzzing (push) Has been cancelled
Details
CI / codeql (push) Has been cancelled
Details
CI / Publish main branch artifacts (push) Has been cancelled
Details
CI / Publish release artefacts (push) Has been cancelled
Details
CI / Publish UI on npm Registry (push) Has been cancelled
Details
govulncheck / Run govulncheck (push) Has been cancelled
Details
Scorecards supply-chain security / Scorecards analysis (push) Has been cancelled
Details
Sync repo files / repo_sync (push) Has been cancelled
Details

Browse Source 
[ENHANCEMENT] AWS SD: Add optional external_id field
This commit is contained in:
Julien
2026-04-24 09:41:58 +02:00
committed by GitHub
parent 9c89645d87 815ebe50f6
commit 551b5b1c56
3 changed files with 18 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
discovery/aws/ec2.go
View File

@@ -93,6 +93,7 @@ type EC2SDConfig struct {
SecretKey config.Secret `yaml:"secret_key,omitempty"`
Profile string `yaml:"profile,omitempty"`
RoleARN string `yaml:"role_arn,omitempty"`
ExternalID string `yaml:"external_id,omitempty"`
RefreshInterval model.Duration `yaml:"refresh_interval,omitempty"`
Port int `yaml:"port"`
Filters []*EC2Filter `yaml:"filters"`
@@ -225,7 +226,11 @@ func (d *EC2Discovery) ec2Client(ctx context.Context) (ec2Client, error) {
// If the role ARN is set, assume the role to get credentials and set the credentials provider in the config.
if d.cfg.RoleARN != "" {
assumeProvider := stscreds.NewAssumeRoleProvider(sts.NewFromConfig(cfg), d.cfg.RoleARN)
assumeProvider := stscreds.NewAssumeRoleProvider(sts.NewFromConfig(cfg), d.cfg.RoleARN, func(o *stscreds.AssumeRoleOptions) {
if d.cfg.ExternalID != "" {
o.ExternalID = aws.String(d.cfg.ExternalID)
}
})
cfg.Credentials = aws.NewCredentialsCache(assumeProvider)
}

7
discovery/aws/lightsail.go
View File

@@ -75,6 +75,7 @@ type LightsailSDConfig struct {
SecretKey config.Secret `yaml:"secret_key,omitempty"`
Profile string `yaml:"profile,omitempty"`
RoleARN string `yaml:"role_arn,omitempty"`
ExternalID string `yaml:"external_id,omitempty"`
RefreshInterval model.Duration `yaml:"refresh_interval,omitempty"`
Port int `yaml:"port"`
@@ -184,7 +185,11 @@ func (d *LightsailDiscovery) lightsailClient(ctx context.Context) (*lightsail.Cl
// If the role ARN is set, assume the role to get credentials and set the credentials provider in the config.
if d.cfg.RoleARN != "" {
assumeProvider := stscreds.NewAssumeRoleProvider(sts.NewFromConfig(cfg), d.cfg.RoleARN)
assumeProvider := stscreds.NewAssumeRoleProvider(sts.NewFromConfig(cfg), d.cfg.RoleARN, func(o *stscreds.AssumeRoleOptions) {
if d.cfg.ExternalID != "" {
o.ExternalID = aws.String(d.cfg.ExternalID)
}
})
cfg.Credentials = aws.NewCredentialsCache(assumeProvider)
}

6
docs/configuration/configuration.md
View File

@@ -1861,6 +1861,9 @@ See below for the configuration options for EC2 discovery:
# AWS Role ARN, an alternative to using AWS API keys.
[ role_arn: <string> ]
# Optional External ID that can go along with role_arn.
[ external_id: <string> ]
# Refresh interval to re-read the instance list.
[ refresh_interval: <duration> | default = 60s ]
@@ -2747,6 +2750,9 @@ See below for the configuration options for Lightsail discovery:
# AWS Role ARN, an alternative to using AWS API keys.
[ role_arn: <string> ]
# Optional External ID that can go along with role_arn.
[ external_id: <string> ]
# Refresh interval to re-read the instance list.
[ refresh_interval: <duration> | default = 60s ]