DOC-13836 Document External ID configuration for log & metric export from CRDB Advanced cluster #19695

Merged
merged 2 commits into from
Jun 4, 2025
6 changes: 4 additions & 2 deletions src/current/cockroachcloud/export-metrics-advanced.md
Expand Up @@ -89,7 +89,8 @@ Perform the following steps to enable metrics export from your CockroachDB {{ si
1. Select **Roles** and click **Create role**.
1. For **Trusted entity type**, select **AWS account**.
1. Choose **Another AWS account**.
1. For **Account ID**, provide the CockroachDB {{ site.data.products.advanced }} cloud provider account ID from step 3.
1. For **Account ID**, provide the CockroachDB {{ site.data.products.advanced }} cloud provider account ID from step 3.
1. (Optional) Select the option to **Require external ID**, and for the value of **External ID**, provide a string determined by your security policy. If **External ID** is set, you **must** include it in the `POST` command in Step 8.
1. Finish creating the IAM role with a suitable name. These instructions will use the role name `CockroachCloudMetricsExportRole`. You do not need to add any permissions.

{{site.data.alerts.callout_info}}
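Review bot: In the new **Require external ID** step, "a string determined by your security policy" gives the reader nothing to act on. Say what the External ID is for (it is the value the role's trust policy requires the caller to present when assuming the role, which is AWS's mechanism against the confused deputy problem) and link to the AWS documentation on external IDs, so the reader can judge whether to enable it. The same sentence writes "Step 8" while the line above writes "step 3", so pick one casing. The **Account ID** line also shows as removed and re-added with identical visible text; if that is a whitespace-only change, consider leaving it out of this diff.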
Expand Down Expand Up @@ -139,7 +140,7 @@ Perform the following steps to enable metrics export from your CockroachDB {{ si
curl --request POST \
--url https://cockroachlabs.cloud/api/v1/clusters/{cluster_id}/metricexport/cloudwatch \
--header "Authorization: Bearer {secret_key}" \
--data '{"target_region": "{aws_region}", "role_arn": "arn:aws:iam::{role_arn}:role/CockroachCloudMetricsExportRole", "log_group_name": "{log_group_name}"}'
--data '{"target_region": "{aws_region}", "role_arn": "arn:aws:iam::{role_arn}:role/CockroachCloudMetricsExportRole", "log_group_name": "{log_group_name}", "external_id": "{external_id}"}'
~~~

Where:
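Review bot: The sample `--data` payload now always carries `"external_id": "{external_id}"`, yet the role-creation step marks External ID as optional, and what to send when it is unset is only explained in the placeholder list after the command. A reader who copies the command without reading that far is left with an unfilled `{external_id}` placeholder. Consider a sentence directly above the command stating that the field applies only if **Require external ID** was selected, or show the payload both with and without the field. Since this line is being touched anyway: `{role_arn}` sits in the account-ID position of `arn:aws:iam::{role_arn}:role/CockroachCloudMetricsExportRole`, while the placeholder list describes it as the full ARN, so the two should be aligned.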
Expand All @@ -148,6 +149,7 @@ Perform the following steps to enable metrics export from your CockroachDB {{ si
- `{aws_region}` is your AWS region, like `us-east-1`.
- `{role_arn}` is the ARN for the `CockroachCloudMetricsExportRole` role you copied in step 7. If you used a different role name there, be sure to use your role name in place of `CockroachCloudMetricsExportRole` in the above command.
- `{log_group_name}` is the target Amazon CloudWatch log group you created in step 1. This **must** be the same group name you provided in step 6.
- `{external_id}` is the **External ID** specified in the target Amazon cross-account IAM role in step 4.d.b. If specified, this **must** match the string provided in step 4.d.b. If not specified, leave this value empty, for example: `"external_id": ""`.

Specifying an AWS region (to `{aws_region}`) that you do not have a cluster in, or a region that only partially covers your cluster's nodes will result in missing metrics.
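Review bot: The new `{external_id}` bullet hard-codes "step 4.d.b" twice, and its first two sentences say the same thing (it is the External ID from that step, and it must match the string from that step). Collapse them into one sentence and refer to the step by what it does, for example "the **External ID** you set when creating the IAM role", so the reference survives a renumbering of the list. The bullet should also state whether the `external_id` key may be omitted entirely when no External ID is set, or whether `"external_id": ""` is required, because the current wording only shows the empty-string form as an example.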
