Amazon Managed Service for Prometheus features

Amazon Managed Service for Prometheus offers enterprise-ready security and compliance. Amazon Managed Service for Prometheus includes built-in support for AWS Identity and Access Management (IAM), and fine-grained access control for ingesting and exporting metrics from AWS services. Amazon Managed Service for Prometheus also integrates with AWS CloudTrail, so you can get a record of actions taken by a user, a role, or an AWS service in Amazon Managed Service for Prometheus. CloudTrail captures all API calls for Amazon Managed Service for Prometheus as events, which you can set up to be continuously delivered to an Amazon S3 bucket. If you are using Amazon Managed Service for Prometheus and Amazon Managed Grafana together, they seamlessly and securely connect using IAM authentication and private VPC endpoint connectivity.

With AWS PrivateLink, you can connect your VPCs to Amazon Managed Service for Prometheus and other services in AWS in a secure and scalable manner. Network traffic that uses AWS PrivateLink doesn't traverse the public internet, reducing the exposure to threat vectors such as brute force and distributed denial-of-service attacks. Amazon Managed Service for Prometheus supports the latest API versions and will be automatically updated with the latest Prometheus feature set and patched to address any critical security vulnerabilities. 

Amazon Managed Service for Prometheus includes a remote write-compatible API that can ingest metrics from OpenTelemetry, Prometheus libraries, and existing Prometheus servers. Additionally, Amazon Managed Service for Prometheus collector, an agentless scraper, can be utilized to collect Prometheus metrics from Amazon EKS. Metrics can be ingested from any clusters running on AWS and hybrid environments, with on-demand scaling to meet your growing needs. Existing metric collectors such as the OpenTelemetry collector and the Prometheus server can be used to securely remote write Prometheus metrics to Amazon Managed Service for Prometheus from over 150+ third party Exporters such as Java/JMX, Apache Kafka, and Redis. A full list of Prometheus third party exporters can be found in the Prometheus documentation. 

The Prometheus server is one of many components of the Prometheus open source monitoring and alerting solution. The server can be used for service discovery of third-party Exporters to scrape and ingest millions of samples per second. The Prometheus server is often deployed in Kubernetes clusters to collect metrics on infrastructure and containerized applications. However, to manage the operational complexity of elastically scaling the ingestion, storage, and querying of metrics, Amazon Managed Service for Prometheus automatically adjusts as your container workloads scale up and down to deliver cost-effective performance metrics and consistent query response times. You can continue to use your Prometheus server to collect metrics, and securely remote write them to Amazon Managed Service for Prometheus. To learn more about writing your own client to use remote write, see  Building a Prometheus remote write exporter for the OpenTelemetry Go SDK.

Amazon Managed Service for Prometheus has two primary ways to collect data. The first is using a self-managed collector, such as  AWS Distro for OpenTelemetry , which is an enterprise-ready AWS supported distribution of OpenTelemetry that makes it easy to collect and send application metrics and traces to multiple AWS services. The second way is to use the Amazon Managed Service for Prometheus collector, an agentless scraper, to automatically discover and monitor Prometheus metrics from Amazon EKS applications and infrastructure.

Amazon Managed Service for Prometheus includes a query-compatible HTTP API that allows you to query metrics, metric labels, metric metadata, and time series metrics. Tools such as  Grafana,  an open source interactive visualization tool for time series data, are commonly used to query and visualize metrics from Prometheus. The Grafana Prometheus data source plugin can easily be configured to query metrics from Amazon Managed Service for Prometheus. You can also use Amazon Managed Grafana, a fully managed AWS service that makes it easy to use Grafana to monitor operational data with interactive data visualizations in a single console across multiple data sources, without needing to deploy, manage, and operate Grafana servers.

Amazon Managed Service for Prometheus also supports Prometheus alerting and recording rules that can be imported from your existing Prometheus server. Recording rules allow you to precompute frequently needed or computationally expensive PromQL queries, and save the results as new time series metrics. Alerting rules allow you to define alert conditions using PromQL, and send notifications to  Amazon Simple Notification Service (SNS) . Alert management features such as inhibition, grouping, and routing are also compatible with the Prometheus solution, so you can import existing Prometheus alert configurations using the Amazon Managed Service for Prometheus APIs. Once imported, PromQL queries defined in the alerts will be continuously evaluated against your Prometheus workspace, and can be integrated with SNS for notification.

An Amazon Managed Service for Prometheus workspace is a logical and isolated Prometheus server dedicated to Prometheus resources such as metrics, recording rules, and alerting rules, where you ingest, store, and query your Prometheus metrics.

Amazon Managed Service for Prometheus integrates with AWS security services to meet your compliance and security needs. AWS account users can control user access and permissions to individual Amazon Managed Service for Prometheus workspaces using AWS Identity and Access Management (IAM). All queries sent to the service are authorized by IAM. Amazon Managed Grafana seamlessly and securely connects to Amazon Managed Service for Prometheus using IAM authentication and private VPC endpoint connectivity.

Support for AWS PrivateLink secures access to our APIs without accessing the public internet to manage your workspaces and the ingestion and querying of Prometheus metrics. Amazon Managed Service for Prometheus will always support the latest API versions and will be automatically updated with the latest Prometheus feature set and patched to address any critical security vulnerabilities. You can enable AWS  CloudTrail  integration to have full audit visibility into changes such as workspaces created, deleted, and updated, and users accessing their Amazon Managed Service for Prometheus workspaces.

Amazon Managed Service for Prometheus is a fully managed Prometheus-compatible service that will maintain always up-to-date HTTP API compatibility. The service allows you to self-manage (create, describe, list, and delete) Prometheus workspaces in all supported AWS Regions using the AWS Console, AWS CLI, and AWS SDKs.