qonto / prometheus-rds-exporter

Prometheus exporter for AWS RDS
MIT License
connecting to wrong sts endpoint https://sts..amazonaws.com #100

Closed Sampathreddygopireddy118 closed 2 months ago

Sampathreddygopireddy118 commented 10 months ago

Describe the bug

I'm using your Helm chart and I have passed the assume role PROMETHEUS_RDS_EXPORTER_AWS_ASSUME_ROLE_ARN: arn:aws:iam::00000000:role/rds-exporter, and I see that when it tries to call GetCallerIdentity, it is trying with the wrong STS endpoint. Below is the log:

{"time":"2023-12-27T18:17:04.653877227Z","level":"DEBUG","msg":"Assume role","role":"arn:aws:iam::00000000:role/rds-exporter"}
{"time":"2023-12-27T18:17:04.653954968Z","level":"DEBUG","msg":"search AWS region using IMDS"}
{"time":"2023-12-27T18:17:04.656602818Z","level":"INFO","msg":"found AWS region via IMDS","region":"us-east-1"}
{"time":"2023-12-27T18:17:04.658949862Z","level":"ERROR","msg":"can't identify AWS account and/or region","reason":"can't fetch information about current session: operation error STS: GetCallerIdentity, get identity: get credentials: failed to refresh cached credentials, operation error STS: AssumeRole, https response error StatusCode: 0, RequestID: , request send failed, Post \"https://sts..amazonaws.com/\": dial tcp: lookup sts..amazonaws.com: no such host"}

A clear and concise description of what the bug is.

Wrong STS endpoint.

Desktop (please complete the following information):

To Reproduce

Add env parameters as below in the values.yaml:

env:
  PROMETHEUS_RDS_EXPORTER_DEBUG: "true"
  PROMETHEUS_RDS_EXPORTER_AWS_ASSUME_ROLE_ARN: arn:aws:iam::00000000:role/rds-exporter
  PROMETHEUS_RDS_EXPORTER_AWS_ASSUME_ROLE_SESSION: "rds-exporter"

Steps to reproduce the behavior

Expected behavior

A clear and concise description of what you expected to happen.

It has to connect to https://sts.amazonaws.com

Additional context

The STS endpoint has 2 dots (..)

Add any other context about the problem here.

vmercierfr commented 10 months ago

Hello,

There is a problem finding the correct address for the AWS STS service. It should be sts.us-east-1.amazonaws.com (or sts.amazonaws.com in a legacy environment).

It could be related to the AWS authentication method used. I'd be happy to help you solve this deployment problem.

Can you share more context about your deployment:

And test the following steps:

  1. Check that the AWS credentials used in the Kubernetes pod are correct
  2. Set AWS_DEFAULT_REGION and AWS_REGION

Thanks,

vmercierfr commented 9 months ago

Hello @Sampathreddygopireddy118,

Do you still have an issue with STS? If yes, can you apply the suggestions from my previous message? If there is no update, I will close the issue by the end of the week to avoid outdated issues.

Thanks,

TeiNam commented 9 months ago

When a value is entered into AWSAssumeRoleArn in prometheus-rds-exporter.yaml, the following error occurs:

{"time":"2024-02-05T07:42:08.517821632Z","level":"ERROR","msg":"can't identify AWS account and/or region","reason":"can't fetch information about current session: operation error STS: GetCallerIdentity, get identity: get credentials: failed to refresh cached credentials, operation error STS: AssumeRole, https response error StatusCode: 0, RequestID: , request send failed, Post \"https://sts..amazonaws.com/\": dial tcp: lookup sts..amazonaws.com: no such host"}

If the ARN value is not entered, the issue does not occur.

0.6.0 ver. use binary ec2, linux

bryanfang commented 7 months ago

The issue will also occur when fetching metrics from AWS China, since the domain name for AWS China is amazonaws.com.cn rather than amazonaws.com.

vmercierfr commented 7 months ago

The AWS SDK should use the amazonaws.com.cn domain automatically. To make it work, you need to set the AWS_DEFAULT_REGION and AWS_REGION environment variables, and the role ARN should use the aws-cn partition, like arn:aws-cn:iam::00000000:role/rds-exporter.

Do you still have the issue with these parameters?
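
A preflight check for the two settings discussed in this thread (a non-empty region, and a role ARN partition that matches it), as an added example that is not code from prometheus-rds-exporter. It assumes the STS hostname is formed as sts.<region>.<DNS suffix>, which would explain the double dot in the logged hostname when the region is empty; the names `partitionFor` and `CheckSTSConfig` are hypothetical, and only the aws, aws-cn and aws-us-gov partitions are covered.

```go
package main

import (
	"fmt"
	"os"
	"strings"
)

// partitionFor maps a region to its ARN partition and DNS suffix.
// Assumption: only aws, aws-cn and aws-us-gov are handled here.
func partitionFor(region string) (partition, suffix string) {
	switch {
	case strings.HasPrefix(region, "cn-"):
		return "aws-cn", "amazonaws.com.cn"
	case strings.HasPrefix(region, "us-gov-"):
		return "aws-us-gov", "amazonaws.com"
	}
	return "aws", "amazonaws.com"
}

// CheckSTSConfig returns the regional STS hostname expected for region, or an
// error if the region is empty or the role ARN partition does not match it.
func CheckSTSConfig(region, roleARN string) (string, error) {
	if region == "" {
		return "", fmt.Errorf("region is empty: hostname would be sts..amazonaws.com")
	}
	partition, suffix := partitionFor(region)
	f := strings.SplitN(roleARN, ":", 6) // arn:partition:service:region:account:resource
	if len(f) != 6 || f[0] != "arn" || f[2] != "iam" {
		return "", fmt.Errorf("malformed IAM role ARN %q", roleARN)
	}
	if f[1] != partition {
		return "", fmt.Errorf("ARN partition %q does not match region %q (want %q)", f[1], region, partition)
	}
	return "sts." + region + "." + suffix, nil
}

func main() {
	// Read the two region variables named in the thread (order chosen for this example).
	region := os.Getenv("AWS_REGION")
	if region == "" {
		region = os.Getenv("AWS_DEFAULT_REGION")
	}
	host, err := CheckSTSConfig(region, os.Getenv("PROMETHEUS_RDS_EXPORTER_AWS_ASSUME_ROLE_ARN"))
	if err != nil {
		fmt.Fprintln(os.Stderr, "preflight failed:", err)
		os.Exit(1)
	}
	fmt.Println("expected STS endpoint:", host)
}
```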

qfritz commented 2 months ago

Closing this request as it looks like it has been resolved with the last comment.