diff --git a/receiver/awscloudwatchreceiver/config.go b/receiver/awscloudwatchreceiver/config.go index 5e3a2a6966f1..c46e79309e40 100644 --- a/receiver/awscloudwatchreceiver/config.go +++ b/receiver/awscloudwatchreceiver/config.go @@ -23,6 +23,7 @@ type Config struct { Region string `mapstructure:"region"` Profile string `mapstructure:"profile"` IMDSEndpoint string `mapstructure:"imds_endpoint"` + AssumeRole string `mapstructure:"assume_role"` Logs *LogsConfig `mapstructure:"logs"` } diff --git a/receiver/awscloudwatchreceiver/logs.go b/receiver/awscloudwatchreceiver/logs.go index c0f2a85e6469..69b1ee386cc5 100644 --- a/receiver/awscloudwatchreceiver/logs.go +++ b/receiver/awscloudwatchreceiver/logs.go @@ -11,6 +11,7 @@ import ( "time" "github.com/aws/aws-sdk-go/aws" + "github.com/aws/aws-sdk-go/aws/credentials/stscreds" "github.com/aws/aws-sdk-go/aws/request" "github.com/aws/aws-sdk-go/aws/session" "github.com/aws/aws-sdk-go/service/cloudwatchlogs" @@ -29,6 +30,7 @@ type logsReceiver struct { region string profile string imdsEndpoint string + assumeRole string pollInterval time.Duration maxEventsPerRequest int nextStartTime time.Time @@ -121,6 +123,7 @@ func newLogsReceiver(cfg *Config, logger *zap.Logger, consumer consumer.Logs) *l return &logsReceiver{ region: cfg.Region, profile: cfg.Profile, + assumeRole: cfg.AssumeRole, consumer: consumer, maxEventsPerRequest: cfg.Logs.MaxEventsPerRequest, imdsEndpoint: cfg.IMDSEndpoint, @@ -339,22 +342,48 @@ func (l *logsReceiver) discoverGroups(ctx context.Context, auto *AutodiscoverCon } return groups, nil } - func (l *logsReceiver) ensureSession() error { if l.client != nil { return nil } + + var sess *session.Session + var err error + + // Start with a basic AWS config awsConfig := aws.NewConfig().WithRegion(l.region) options := session.Options{ Config: *awsConfig, } + if l.imdsEndpoint != "" { options.EC2IMDSEndpoint = l.imdsEndpoint } if l.profile != "" { options.Profile = l.profile } - s, err := session.NewSessionWithOptions(options) - l.client = cloudwatchlogs.New(s) - return err + if l.assumeRole != "" { + // Role ARN is provided, initialize a basic session then assume the specified role + sts := session.Must(session.NewSessionWithOptions(options)) + if sts == nil { + err = errors.New("unable to create session") + return err + } + creds := stscreds.NewCredentials(sts, l.assumeRole) + // Create a new session with the assumed role's credentials + sess, err = session.NewSession(&aws.Config{ + Region: aws.String(l.region), + Credentials: creds, + }) + } else { + sess, err = session.NewSessionWithOptions(options) + } + // Depending on the configuration, create a session using the profile or assume a role + if err != nil { + return err + } + // Use the session to create the client + l.client = cloudwatchlogs.New(sess) + + return nil } diff --git a/receiver/awscloudwatchreceiver/logs_test.go b/receiver/awscloudwatchreceiver/logs_test.go index a0684ef6ed9f..5bef0ba0bec9 100644 --- a/receiver/awscloudwatchreceiver/logs_test.go +++ b/receiver/awscloudwatchreceiver/logs_test.go @@ -38,6 +38,14 @@ func TestStart(t *testing.T) { require.NoError(t, err) } +func TestCloudwatchClient(t *testing.T) { + cfg := createDefaultConfig().(*Config) + cfg.Region = "us-west-1" + cfg.Logs.Groups.AutodiscoverConfig = nil + + require.Equal(t, 1, 1) +} + func TestPrefixedConfig(t *testing.T) { cfg := createDefaultConfig().(*Config) cfg.Region = "us-west-1"