Add role based auth to CloudWatch exporter doc #3156

Merged
merged 12 commits into from May 7, 2024

@minkimipt minkimipt commented Apr 23, 2024

Role based authentication is added for CloudWatch exporter that allows authenticating with users' AWS accounts, and we need to document the configuration that needs to be done on the user side to make it work.

Links

Fixes #3155

Allow 10 minutes from last push for the staging site to build. If the link doesn't work, try using incognito mode instead. For internal reviewers, check web-documentation repo actions for staging build status. Link to build for this PR: http://docs-dev.timescale.com/docs-update-cloudwatch-exporter-ingetrations

@billy-the-fish billy-the-fish marked this pull request as draft April 26, 2024 16:03
}
```

Trust Policy:
Contributor Author

@niconosenzo why do we call it trust policy here if it's a role?

Member

🤔 it was the trust policy that began in line 152 of my commit. Will double check though

Contributor Author

I think if we want to be aligned with how AWS calls them in the blog, we need to call it a role with a trust policy

3. Create a role in the shared_content account that provides ReadOnlyAccess to all objects in pics bucket. Users federated by OIDC provider are allowed to assume this role.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Federated": "arn:aws:iam::shared_content_account_id:oidc-provider/oidc.eks.us-east-1.amazonaws.com/id/oidc-id"
      },
      "Action": "sts:AssumeRoleWithWebIdentity",
      "Condition": {
        "StringEquals": {
          "oidc.eks.us-east-1.amazonaws.com/id/oidc-id:aud": "sts.amazonaws.com"
        }
      }
    }
  ]
}
```

Member

TBH, for me it's always easier to split a role among permission policies and trust policies. But yeah we can call it a role if that makes more sense.
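
The trust policy quoted in the thread above constrains only the provider's `aud` claim, so every identity the OIDC provider issues for that audience satisfies it. As an added example (not part of this PR or of the project's docs), the following Python check flags `sts:AssumeRoleWithWebIdentity` trust statements that leave `aud` or `sub` unconstrained; `audit_oidc_trust` is a hypothetical helper name and the `sub` value in `PINNED_POLICY` is constructed.

```python
import copy

PROVIDER = "oidc.eks.us-east-1.amazonaws.com/id/oidc-id"  # placeholder from the thread
QUOTED_POLICY = {  # the trust policy quoted in the review thread
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"Federated":
            f"arn:aws:iam::shared_content_account_id:oidc-provider/{PROVIDER}"},
        "Action": "sts:AssumeRoleWithWebIdentity",
        "Condition": {"StringEquals": {f"{PROVIDER}:aud": "sts.amazonaws.com"}},
    }],
}
# Constructed variant: same policy with the subject pinned (value is made up).
PINNED_POLICY = copy.deepcopy(QUOTED_POLICY)
PINNED_POLICY["Statement"][0]["Condition"]["StringEquals"][f"{PROVIDER}:sub"] = (
    "system:serviceaccount:example-namespace:example-exporter")


def _as_list(value):
    return value if isinstance(value, list) else [value]


def audit_oidc_trust(policy):
    """Return findings for statements that let an OIDC provider assume the role."""
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        principal = stmt.get("Principal", {})
        federated = principal.get("Federated") if isinstance(principal, dict) else None
        if (stmt.get("Effect") != "Allow" or not federated or
                "sts:AssumeRoleWithWebIdentity" not in _as_list(stmt.get("Action", []))):
            continue
        for arn in _as_list(federated):
            provider = arn.split(":oidc-provider/", 1)[-1]
            claims = {}  # claim name -> [(operator, value), ...]
            for op, keys in stmt.get("Condition", {}).items():
                for key, val in keys.items():
                    if key.startswith(provider + ":"):
                        claims.setdefault(key[len(provider) + 1:], []).extend(
                            (op, v) for v in _as_list(val))
            if not any(op == "StringEquals" for op, _ in claims.get("aud", [])):
                findings.append(f"statement {i}: {provider}:aud is not pinned")
            subs = claims.get("sub", [])
            if not subs:
                findings.append(f"statement {i}: no condition on {provider}:sub")
            elif any("*" in str(v) for _, v in subs):
                findings.append(f"statement {i}: wildcard in {provider}:sub")
    return findings
```

Running `audit_oidc_trust(QUOTED_POLICY)` reports the missing `sub` condition, while `PINNED_POLICY` returns no findings.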

Nice.

Co-authored-by: Danil Zhigalin <danil@timescale.com>
Signed-off-by: Iain Cox <iain@timescale.com>

Oh no, the docs build failed! To see why visit the failing build (link only accessible to Timescalers).

@minkimipt
Contributor Author

@billy-the-fish last docs build that I saw looked good to me. The PR was actually started by me, that's why I'm not allowed to approve it, but I think it looks good. @niconosenzo do you want to have a final look too?

AWS docs refer to this as a role. Make sure we are talking about the
same thing in our docs.
@minkimipt minkimipt marked this pull request as ready for review May 2, 2024 17:39
Member

@niconosenzo niconosenzo left a comment

Thanks!

Contributor

@billy-the-fish billy-the-fish left a comment

LGTM

@minkimipt minkimipt merged commit 3f4a507 into latest May 7, 2024
3 checks passed
@minkimipt minkimipt deleted the update-cloudwatch-exporter-ingetrations branch May 7, 2024 10:37
billy-the-fish added a commit that referenced this pull request May 10, 2024
* Add role based auth to CloudWatch exporter doc

Role based authentication is added for CloudWatch exporter that allows
to authenticate with users' AWS accounts and we need to document
configuration that needs to be done on the user side to make it work.

* add provider URLs and role example

* Clarify what the URL serves for

* chore: first go updating the configuration procedure.

* chore: updates after first review.

* chore: updates after first review.

* Update use-timescale/metrics-logging/integrations.md

Nice.

Co-authored-by: Danil Zhigalin <danil@timescale.com>
Signed-off-by: Iain Cox <iain@timescale.com>

* fix: update metatags for MDX.

* Replace trust policy to a role

AWS docs refer to this as a role. Make sure we are talking about the
same thing in our docs.

* Update use-timescale/metrics-logging/integrations.md

Co-authored-by: Nicolas Nosenzo <niconosenzo@gmail.com>
Signed-off-by: Iain Cox <iain@timescale.com>

---------

Signed-off-by: Iain Cox <iain@timescale.com>
Co-authored-by: niconosenzo <niconosenzo@gmail.com>
Co-authored-by: billy-the-fish <iain.cox@sarkdocumentation.com>
Co-authored-by: Iain Cox <iain@timescale.com>
billy-the-fish added a commit that referenced this pull request May 10, 2024
* Merging up stubs into main documents, editing, formatting

* Oops typo

* Update for linter

Signed-off-by: Iain Cox <iain.cox@sarkdocumentation.com>

* Update administration.md

Signed-off-by: Iain Cox <iain.cox@sarkdocumentation.com>

* fix: update navigation and links for page merge.

* fix: clean up de-chunking.

* fix: clean up de-chunking.

* feat: unite stubs.

* feat: unite stubs.

* Fix typo (#3052)

Signed-off-by: Florian Mt <fmonfort@enssat.fr>
Co-authored-by: Iain Cox <iain.cox@sarkdocumentation.com>

* Fix typo in troubleshooting section (#3073)

* Update live-migration to v0.0.9 (#3071)

Co-authored-by: Iain Cox <iain.cox@sarkdocumentation.com>

* Copy Nit (#3078)

Signed-off-by: Austin Lai <76412946+alai97@users.noreply.github.com>

* Update import-csv.md (#3080)

Make time column references consistent

Signed-off-by: Solar Olugebefola <12288273+solugebefola@users.noreply.github.com>

* Update new about compression (#3012)

* live-migration: Add docs changes for v0.0.10 (#3091)

Signed-off-by: Arunprasad Rajkumar <ar.arunprasad@gmail.com>

* Add Google CA (#3090)

We've added a new CA provider to our cloud, reflecting this fact in the
docs.

* Update ruby.md (#3065)

* Update ruby.md 

Modify references to Timescale/TimescaleDB/Timescale Cloud

Signed-off-by: Solar Olugebefola <12288273+solugebefola@users.noreply.github.com>

* fix: update TOC links to match headings.

* fix: update TOC links to match headings.

* fix: correct product name.

---------

Signed-off-by: Solar Olugebefola <12288273+solugebefola@users.noreply.github.com>
Co-authored-by: Iain Cox <iain.cox@sarkdocumentation.com>

* live-migration: Add docs changes for v0.0.11 (#3096)

Signed-off-by: Arunprasad Rajkumar <ar.arunprasad@gmail.com>

* Move multinode migration under playbooks (#3110)

* 3113 docs rfc add new editor (#3115)

* First draft

* Complete article, add images

* Add a screenshot of PopSQL

* Update popsql_button_in_console

Highlighted the button

* Wrap text

* feat: update PopSQL page, get started and update sections with PopSQL information.

* feat: link to images on S3.

* fix: language cleanup.

* Apply suggestions from code review

Co-authored-by: sremertimescale <165809978+sremertimescale@users.noreply.github.com>
Signed-off-by: Iain Cox <iain.cox@sarkdocumentation.com>

* fix: language cleanup after review.

* fix: another language review.

* fix: updates following review by Ramon.

* Update use-timescale/popsql.md

Co-authored-by: Ramon Guiu <ramon@timescale.com>
Signed-off-by: Iain Cox <iain.cox@sarkdocumentation.com>

* Update use-timescale/query-data/about-query-data.md

Co-authored-by: Ramon Guiu <ramon@timescale.com>
Signed-off-by: Iain Cox <iain.cox@sarkdocumentation.com>

* fix: add contact information to add more seats.

---------

Signed-off-by: Iain Cox <iain.cox@sarkdocumentation.com>
Co-authored-by: Rahil Sondhi <rahilsondhi@gmail.com>
Co-authored-by: sremertimescale <165809978+sremertimescale@users.noreply.github.com>
Co-authored-by: Ramon Guiu <ramon@timescale.com>

* fix: numbering and full stop. (#3120)

* missing word in add_reorder_policy (#3106)

Signed-off-by: Sam Debruyn <sam@debruyn.dev>
Co-authored-by: Iain Cox <iain.cox@sarkdocumentation.com>

* Restrict usage of time_bucket_ng in CAggs (#3112)

The function time_bucket_ng is deprecated and should not be used in new
CAggs. 2.15.0 will also block the usage of this function.

* fix: broken links. (#3123)

* fix: broken links.

* fix: broken links.

* Update CAgg add_continuous_aggregate_policy documentation (#3128)

* fix: deprecate distributed hypertables from the API reference. (#3134)

* fix: update API reference for set_integer_now_func. (#3135)

* fix: update API reference for set_integer_now_func.

Co-authored-by: Jônatas Davi Paganini <jonatas@timescale.com>
Signed-off-by: Iain Cox <iain@timescale.com>

* Add compression settings information views (#3142)

* fix: using the public API to check the  chunk time interval for a hypertable. (#3141)

* 3144 docs rfc be more clear about tiered storage being on timescale not on self hosted (#3145)

* feat: update tiered storage overview

* feat: update tiered storage overview

* Update alter_job.md (#3103)

Added missing information in alter_job options

Signed-off-by: Fabrízio de Royes Mello <fabriziomello@gmail.com>
Co-authored-by: Iain Cox <iain@timescale.com>

* fix: some broken links. A couple of text updates. (#3151)

* feat: FAQ for live migration (#3139)

Signed-off-by: Harkishen-Singh <harkishensingh@hotmail.com>

* chore: update live-migration to v0.0.13 (#3150)

Signed-off-by: Harkishen-Singh <harkishensingh@hotmail.com>

* Add pgstattuple to list of available extensions (#3154)

* fix: clarify that each service hosts a single service only. (#3161)

* fix: change link in Migrate the entire database at once to the live migration page. (#3159)

* Add warning about SERIAL types and dual-write (#3162)

* Address possible installation issues regarding psycopg2 (#3165)

* Address possible installation issues regarding psycopg2

* Address possible installation issues regarding psycopg2

* chore: few language updates for the install procedure.

---------

Co-authored-by: billy-the-fish <iain.cox@sarkdocumentation.com>

* Add troubleshooting note about partial continuous aggregates (#3164)


Signed-off-by: James Guthrie <JamesGuthrie@users.noreply.github.com>
Co-authored-by: billy-the-fish <iain.cox@sarkdocumentation.com>

* 2829 obsolete restriction on replication factor 1 still in the docs 1 (#3129)

* fix: update create_distributed_hypertable

* Recommend live-migration instead of dual-writes (#3173)

* Refer to live-migration 0.0.14 (#3179)

Signed-off-by: Arunprasad Rajkumar <ar.arunprasad@gmail.com>

* feat: add version downgrade for live-migration FAQ (#3163)

Signed-off-by: Harkishen-Singh <harkishensingh@hotmail.com>

This commit adds a FAQ question that helps users to downgrade
TimescaleDB version on their target database to match with the
source database. This is useful when the source database (MST) does not
have the TimescaleDB version that the target database is installed
with.

* Make some changes to refresh cagg note (#3146)

* Make some changes to refresh cagg note

This fixes one typo and changes a few other words.

Signed-off-by: RobAtticus <rob@timescale.com>

* chore: updates after review.

---------

Signed-off-by: RobAtticus <rob@timescale.com>
Co-authored-by: Iain <iain@timescale.com>

* Add role based auth to CloudWatch exporter doc (#3156)

* fix: document actual behavior of add_continuous_aggregate_policy when using if_not_exists (#3037)

Signed-off-by: dtext <textores.danny@gmail.com>
Co-authored-by: Iain Cox <iain@timescale.com>

* fix: add verb to sentence. (#3131)

* fix: add verb to sentence.
* fix: update after review.

* fix: update navigation and links for page merge.

* fix: clean up de-chunking.

* chore: migrate changes in future versions back to this PR.

* fix: my fatal weakness.

* fix: one broken link fixed.

* fix: more link fixing after manual check.

---------

Signed-off-by: Iain Cox <iain.cox@sarkdocumentation.com>
Signed-off-by: Florian Mt <fmonfort@enssat.fr>
Signed-off-by: Austin Lai <76412946+alai97@users.noreply.github.com>
Signed-off-by: Solar Olugebefola <12288273+solugebefola@users.noreply.github.com>
Signed-off-by: Arunprasad Rajkumar <ar.arunprasad@gmail.com>
Signed-off-by: Sam Debruyn <sam@debruyn.dev>
Signed-off-by: Iain Cox <iain@timescale.com>
Signed-off-by: Fabrízio de Royes Mello <fabriziomello@gmail.com>
Signed-off-by: Harkishen-Singh <harkishensingh@hotmail.com>
Signed-off-by: James Guthrie <JamesGuthrie@users.noreply.github.com>
Signed-off-by: RobAtticus <rob@timescale.com>
Signed-off-by: dtext <textores.danny@gmail.com>
Co-authored-by: Jay Allen <44067410+gaiaslastlaugh@users.noreply.github.com>
Co-authored-by: James Sewell <james.sewell@gmail.com>
Co-authored-by: Florian Mt <fmonfort@enssat.fr>
Co-authored-by: Ante Kresic <antekresic@users.noreply.github.com>
Co-authored-by: James Guthrie <JamesGuthrie@users.noreply.github.com>
Co-authored-by: Austin Lai <76412946+alai97@users.noreply.github.com>
Co-authored-by: Solar Olugebefola <12288273+solugebefola@users.noreply.github.com>
Co-authored-by: Arunprasad Rajkumar <ar.arunprasad@gmail.com>
Co-authored-by: Danil Zhigalin <danil@timescale.com>
Co-authored-by: Konstantinos Gkiokas <giokostis@gmail.com>
Co-authored-by: Rahil Sondhi <rahilsondhi@gmail.com>
Co-authored-by: sremertimescale <165809978+sremertimescale@users.noreply.github.com>
Co-authored-by: Ramon Guiu <ramon@timescale.com>
Co-authored-by: Sam Debruyn <sam@debruyn.dev>
Co-authored-by: Jan Nidzwetzki <jan@timescale.com>
Co-authored-by: Jônatas Davi Paganini <jonatas@timescale.com>
Co-authored-by: Fabrízio de Royes Mello <fabriziomello@gmail.com>
Co-authored-by: Harkishen Singh <harkishensingh@hotmail.com>
Co-authored-by: John Pruitt <jgpruitt@gmail.com>
Co-authored-by: alejandrodnm <alejandrodnm@gmail.com>
Co-authored-by: RobAtticus <rob@timescale.com>
Co-authored-by: niconosenzo <niconosenzo@gmail.com>
Co-authored-by: dtext <textores.danny@gmail.com>

Successfully merging this pull request may close these issues.

[Docs RFC] Add AWS account configuration in th integration page
3 participants