[awskinesisexporter] [RESOLVED] Cross account support

[chepati]

Component(s)

exporter/awskinesis

Is your feature request related to a problem? Please describe.

My OTel collector is in AWS account A and my Kinesis datastream is in AWS account B. It seems the awskinesisexporter can't send metrics to the datastream in another AWS account. If I specify just the stream_name, the exporter assumes it's in the same account/region and complains that it can't find it.

Describe the solution you'd like

Ideally, I can use the ARN of my kinesis datastream in stream_name:

exporters:
awskinesis:
aws:
stream_name: arn:aws:kinesis:REGION:ACCOUNT_ID:stream/stream_name

and as long as I have my IAM roles / policies set up correctly, the exporter should be able to talk to the kinesis datastream in the other AWS account.

Describe alternatives you've considered

No response

Additional context

No response

[github-actions]

Pinging code owners:

• exporter/awskinesis: @Aneurysm9 @MovieStoreGuy

See Adding Labels via Comments if you do not have permissions to add labels yourself.

[chepati]

Bump.

[MovieStoreGuy]

Mmm, interesting.

Makes sense. I don't think it would be too hard of a change to implement.

[parambath92]

Hi @MovieStoreGuy , I would like to work on this issue.

[github-actions]

This issue has been inactive for 60 days. It will be closed in 60 days if there is no activity. To ping code owners by adding a component label, see Adding Labels via Comments, or if you are unsure of which component this issue relates to, please ping @open-telemetry/collector-contrib-triagers. If this issue is still relevant, please ping the code owners or leave a comment explaining why it is still relevant. Otherwise, please close it.

Pinging code owners:

• exporter/awskinesis: @Aneurysm9 @MovieStoreGuy

See Adding Labels via Comments if you do not have permissions to add labels yourself.

[HongChenTW]

Hi @parambath92, are you still working on this issue? If not, I would like to implement this feature.

[parambath92]

Hi @HongChenTW , I couldn't work on this feature. Please go ahead.

[HongChenTW]

Hi @chepati, would you mind to share the details of how you deploy the otel collector? While developing this feature, I was also checking the abilities of this exporter, and found out that we could send metrics to another AWS account by specify role to assume role and specify region to locate the stream region.

[chepati]

Hi @chepati, would you mind to share the details of how you deploy the otel collector? While developing this feature, I was also checking the abilities of this exporter, and found out that we could send metrics to another AWS account by specify role to assume role and specify region to locate the stream region.

Hi, @HongChenTW. First of all, apologies for the very late reply.

Yes, you're right, specifying an IAM role works. In fact, that's how I got it working. I am deploying otel collector to an EKS cluster, running under a specific service account. That service account is bound to an IAM role which is allowed to assume an IAM role in another AWS account, where the kinesis datastream is.

Once this is all set up, exporting to the kinesis datastream in another AWS account just works.

You can close this feature request. Perhaps a good explanation in the exporter's README will be useful.

Thanks all who took the time to look into this.