Skip to content

Cross account prometheus monitoring not working as expected.  #95

Description

@AbbasHallal

We have an Account A where prometheus along with prometheus-ecs-discovery are installed and working properly. We need to achieve monitoring in different accounts (B,C,D ...) from account A and I guess -config.role-arn would help us to do so.

It only worked for us between account A and other account B. Could not find a way to monitor C and D.

What I need to achieve is the following:

"command": [
               "-config.write-to=/etc/prometheus/data/ecs_file_sd.yml",
               "-config.role-arn=arn:aws:iam::Account_A_ID:role/ecs-discover-role"]

ecs-discover-role is trusted on account B, C and D however it's not able to see the clusters and if I pass the arn of a remote cluster B it would output and error InvalidParameterException InvalidParameterException: Identifier is Account_A_ID

It just work if I pass the -config.role-arn=arn:aws:iam::Account_B_ID:role/service-role so it's assumed buy the role in Account A and by this I can pass the arn of the remote cluster of account B and it would be able to discover it and update the ecs_file_sd

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions