Grafana AWS Go SDK not able to communicate with new partition endpoints

[mourya92]

What happened: New regions like eu-isoe-west-1 is not shown in the Default Region dropdown section in AWS datasource configurations like CloudWatch (For example)

Even if I set the region explicitly to eu-isoe-west-1, the DNS Suffix is being assigned incorrectly.

It should be cloud.adc-e.uk while Grafana is using amazonaws.com.

I see these new regions, partitions are already added to publicly available AWS Go SDK https://github.com/aws/aws-sdk-go/blame/main/aws/endpoints/defaults.go

May be you just need to consume the latest version to fix this issue.

What you expected to happen: Requests should go to https://<service>.eu-isoe-west-1.cloud.adc-e.uk/

How to reproduce it (as minimally and precisely as possible): Create a AWS datasource like CloudWatch and try to set the region to eu-isoe-west-1, hit Save & Test Button

Error:

CloudWatch metrics query failed: RequestError: send request failed caused by: Post "https://sts.eu-isoe-west-1.amazonaws.com/": dial tcp: lookup sts.eu-isoe-west-1.amazonaws.com on xxxx:53: no such host 2. CloudWatch logs query failed: RequestError: send request failed caused by: Post "https://sts.eu-isoe-west-1.amazonaws.com/": dial tcp: lookup sts.eu-isoe-west-1.amazonaws.com on xxxx:53: no such host

Screenshots

Anything else we need to know?:

Environment:

• Grafana version: v.9.2.6
• Sdk version: out-of-the-box Grafana's CloudWatch datasource
• OS Grafana is installed on: AL2
• User OS & Browser: Firefox/Chrome
• Others:

[kevinwcyu]

Hi @mourya92, if you manually set the endpoint in the configuration in addition to setting the region manually, does that work?

[mourya92]

Hi Kevin,

It did not work even with setting the endpoint manually. The STS AssumeRole API call is going to wrong endpoint (it's going to CloudWatch endpoint). We cannot use hard-coded credentials for our use-case; we must use role based credentials.

This is the error:

`1. CloudWatch metrics query failed: InvalidAction: Could not find operation AssumeRole for version 2011-06-15 status code: 400, request id: ab2cc51b-d50a-41b3-8774-0288f9330e6f

2. CloudWatch logs query failed: InvalidAction: Could not find operation AssumeRole for version 2011-06-15 status code: 400, request id: ab60980f-f6e2-44f0-afac-b6906bcd4e98`

[mourya92]

Also, just for testing the scenario, I used SDK default credentials with endpoint as https://monitoring.eu-isoe-west-1.cloud.adc-e.uk ;

This is the output:

1. Successfully queried the CloudWatch metrics API. 2. CloudWatch logs query failed: SerializationError: failed to unmarshal response error status code: 404, request id: a6f41378-f745-47f6-bd90-fabe4bc1ba2f caused by: UnmarshalError: failed decoding error message 00000000 3c 55 6e 6b 6e 6f 77 6e 4f 70 65 72 61 74 69 6f |<UnknownOperatio| 00000010 6e 45 78 63 65 70 74 69 6f 6e 2f 3e 0a |nException/>.| caused by: invalid character '<' looking for beginning of value

It looks like CloudWatch metrics API succeeded but not the logs API.

It'd be great if you can add support for new regions.

[kevinwcyu]

Hi @mourya92, are you able to try with a version of Grafana that is >= v10.2.x? We updated grafana-aws-sdk in v10.2.0 to include a version of the aws-sdk-go that includes the new partition.

We no longer support v.9.2.6 of Grafana so it will not get an update of the grafana-aws-sdk