connecting to wrong sts endpoint https://sts..amazonaws.com #100

Closed
Sampathreddygopireddy118 opened this issue Dec 27, 2023 · 6 comments

@Sampathreddygopireddy118

Describe the bug
I'm using your helm chart and I have passed the assume role PROMETHEUS_RDS_EXPORTER_AWS_ASSUME_ROLE_ARN: arn:aws:iam::00000000:role/rds-exporter. I see that when it tries to call GetCallerIdentity, it uses the wrong STS endpoint. Below is the log:

{"time":"2023-12-27T18:17:04.653877227Z","level":"DEBUG","msg":"Assume role","role":"arn:aws:iam::00000000:role/rds-exporter"}
{"time":"2023-12-27T18:17:04.653954968Z","level":"DEBUG","msg":"search AWS region using IMDS"}
{"time":"2023-12-27T18:17:04.656602818Z","level":"INFO","msg":"found AWS region via IMDS","region":"us-east-1"}
{"time":"2023-12-27T18:17:04.658949862Z","level":"ERROR","msg":"can't identify AWS account and/or region","reason":"can't fetch information about current session: operation error STS: GetCallerIdentity, get identity: get credentials: failed to refresh cached credentials, operation error STS: AssumeRole, https response error StatusCode: 0, RequestID: , request send failed, Post \"https://sts..amazonaws.com/\": dial tcp: lookup sts..amazonaws.com: no such host"}

A clear and concise description of what the bug is.
wrong sts end point
Desktop (please complete the following information):

  • OS: [e.g. Linux]
  • Prometheus RDS exporter's version [e.g. 1.1]
  • RDS engine: [e.g. PostgreSQL]

To Reproduce
Add env parameters as below in the values.yaml:
env:
  PROMETHEUS_RDS_EXPORTER_DEBUG: "true"
  PROMETHEUS_RDS_EXPORTER_AWS_ASSUME_ROLE_ARN: arn:aws:iam::00000000:role/rds-exporter
  PROMETHEUS_RDS_EXPORTER_AWS_ASSUME_ROLE_SESSION: "rds-exporter"
Steps to reproduce the behavior

Expected behavior

A clear and concise description of what you expected to happen.
It has to connect to https://sts.amazonaws.com
Additional context
sts endpoint has 2 dots (..)
Add any other context about the problem here.

@Sampathreddygopireddy118 Sampathreddygopireddy118 added the bug Something isn't working label Dec 27, 2023
@vmercierfr
Collaborator

Hello,

There is a problem finding the correct address for the AWS STS service. It should be sts.us-east-1.amazonaws.com (or sts.amazonaws.com in a legacy environment).

It could be related to the AWS authentication method used. I'd be happy to help you solve this deployment problem.

Can you share more context about your deployment:

  • What version of the RDS exporter do you use?
  • Are you using AWS EKS?
  • What authentication method are you using (IRSA, AWS IAM credentials via AWS environment variables, AWS IAM credentials in a file, SSO, ...)?

And test the following steps:

  1. Check that the AWS credentials used in the Kubernetes pod are correct
  2. Set AWS_DEFAULT_REGION and AWS_REGION

Thanks,

@vmercierfr vmercierfr self-assigned this Jan 2, 2024
@vmercierfr
Collaborator

Hello @Sampathreddygopireddy118,

Do you still have an issue with STS? If yes, can you apply the suggestions from my previous message? If there is no update, I will close the issue by the end of the week to avoid outdated issues.

Thanks,

@TeiNam

TeiNam commented Feb 5, 2024

When a value is entered into AWSAssumeRoleArn in prometheus-rds-exporter.yaml, the following error occurs:

{"time":"2024-02-05T07:42:08.517821632Z","level":"ERROR","msg":"can't identify AWS account and/or region","reason":"can't fetch information about current session: operation error STS: GetCallerIdentity, get identity: get credentials: failed to refresh cached credentials, operation error STS: AssumeRole, https response error StatusCode: 0, RequestID: , request send failed, Post \"https://sts..amazonaws.com/\": dial tcp: lookup sts..amazonaws.com: no such host"}

If the ARN value is not entered, the issue does not occur.

0.6.0 ver.
use binary
ec2, linux

@bryanfang

The issue will also occur when fetching metrics from AWS China, since the domain name for AWS China is amazonaws.com.cn rather than amazonaws.com.

@vmercierfr
Collaborator

The AWS SDK should use the amazonaws.com.cn domain automatically. To make it work, you need to set the AWS_DEFAULT_REGION and AWS_REGION environment variables, and the role ARN should use the aws-cn partition, like arn:aws-cn:iam::00000000:role/rds-exporter.

Do you still have the issue with these parameters?
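
A preflight check for the two conditions discussed in this thread, an unset region and a role ARN whose partition does not match the region (added example, not code from the exporter or its maintainers). `ExpectedSTSHost` and the `dnsSuffix` table are hypothetical names and cover only the `aws` and `aws-cn` partitions mentioned above; the `cn-` region prefix test is an assumption of this sketch.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"strings"
)

// dnsSuffix maps the ARN partitions named in the thread to their DNS suffix.
var dnsSuffix = map[string]string{
	"aws":    "amazonaws.com",
	"aws-cn": "amazonaws.com.cn",
}

// ExpectedSTSHost (hypothetical helper) returns the regional STS hostname
// implied by a region and an IAM role ARN, or an error explaining why the
// pair cannot produce a resolvable endpoint.
func ExpectedSTSHost(region, roleARN string) (string, error) {
	parts := strings.SplitN(roleARN, ":", 6)
	if len(parts) != 6 || parts[0] != "arn" || parts[2] != "iam" ||
		!strings.HasPrefix(parts[5], "role/") {
		return "", fmt.Errorf("not an IAM role ARN: %q", roleARN)
	}
	suffix, ok := dnsSuffix[parts[1]]
	if !ok {
		return "", fmt.Errorf("partition %q not covered by this check", parts[1])
	}
	region = strings.TrimSpace(region)
	if region == "" {
		// An empty region renders as "sts..amazonaws.com", the host in the logs.
		return "", errors.New("region is empty: set AWS_REGION and AWS_DEFAULT_REGION")
	}
	if isCN := strings.HasPrefix(region, "cn-"); isCN != (parts[1] == "aws-cn") {
		return "", fmt.Errorf("region %q does not belong to partition %q", region, parts[1])
	}
	return "sts." + region + "." + suffix, nil
}

func main() {
	region := os.Getenv("AWS_REGION")
	if region == "" {
		region = os.Getenv("AWS_DEFAULT_REGION")
	}
	host, err := ExpectedSTSHost(region, os.Getenv("PROMETHEUS_RDS_EXPORTER_AWS_ASSUME_ROLE_ARN"))
	if err != nil {
		fmt.Fprintln(os.Stderr, "preflight failed:", err)
		os.Exit(1)
	}
	fmt.Println("expected regional STS host:", host)
}
```

Run it with the same environment as the exporter pod (for example as an init container) so a missing region fails fast instead of surfacing as a DNS lookup error.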

@qfritz
Contributor

qfritz commented Aug 19, 2024

Closing this request as it looks like it has been resolved with the last comment.

@qfritz qfritz closed this as completed Aug 19, 2024