AWS Open Source Blog

Prometheus 2.26.0 adds AWS Signature Version 4 support

The latest release of Prometheus (v2.26.0), an open source systems monitoring and alerting toolkit, rolled out native AWS Signature Version 4 authentication support. With this new feature, the Prometheus server is able to directly make remote-write API calls to send metrics to the Amazon Managed Service for Prometheus (AMP) without having to rely on a proxy sidecar container, such as the AWS SigV4 container. The GitHub pull request PR 8509 that adds this feature is the original AWS Signature Version 4 authentication code in the Grafana Cloud Agent. This uses the AWS SDK for Go to enable this feature.

What is AWS Signature Version 4?

AWS Signature Version 4 is a process to add authentication information to requests made to AWS APIs using HTTP. The AWS Command Line Interface (AWS CLI) and the AWS SDKs already use this protocol to make calls to the AWS APIs. Review the AWS Signature Version 4 docs to learn about how the Signature Version 4 signing process works.

How Signature Version 4 works with AMP

This feature uses the SDK for Go, as seen in the sigv4.go file in the repo. As mentioned, AWS SDKs use the Signature Version 4 authentication protocol natively to make calls to AWS APIs. As a result, the metric ingestion calls made to the remote write API endpoints from the Prometheus server to the AMP workspace are made using the Signature Version 4 protocol.

The following diagram shows how this changes.

Diagram of Prometheus 2.26 adds AWS Signature Version 4 support

Read the updated getting started blog post to understand how to start using this setup.

Conclusion

Learn more about the Amazon Managed Service for Prometheus (AMP) by reading the user guide. If you are using a standalone Prometheus server, you can download the latest release from the Prometheus site. Read the full release notes for version 2.26.0 to learn more.

Let us know if your configuration doesn’t work or if you have any feedback on how the user experience can be further simplified. Please file an issue with your question, or if you want to report a bug or suggest an enhancement.

Alolita Sharma

Alolita Sharma

Alolita is a Principal Technologist at AWS where she leads open source observability engagement and engineering for OpenTelemetry, Prometheus, Cortex, Grafana. Alolita also serves as co-chair of the CNCF Observability Technical Advisory Group, as member of the OpenTelemetry Governance Committee and as a board director of the Unicode Consortium. She contributes to open standards on the Unicode Technical Committee and W3C. She has served on the boards of the OSI and SFLC.in. Alolita has led engineering teams at Wikipedia, Twitter, PayPal and IBM. Two decades of doing open source continue to inspire her. You can find her on Twitter @alolita.

Imaya Kumar Jagannathan

Imaya Kumar Jagannathan

Imaya is a Senior Solution Architect focused on AWS Observability tools including Amazon CloudWatch, AWS X-Ray, Amazon Managed Service for Prometheus, Amazon Managed Service for Grafana and AWS Distro for Open Telemetry. He is passionate about monitoring and observability and has a strong application development and architecture background. He likes working on distributed systems and is excited to talk about microservice architecture design. He loves programming on C#, working with containers and serverless technologies. Find him on Twitter @imaya.