Skip to content

SigV4 Authentication Support for OTLP HTTP Logs Exporter #181

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 22 commits into from
Jul 1, 2025
Merged

SigV4 Authentication Support for OTLP HTTP Logs Exporter #181

merged 22 commits into from
Jul 1, 2025

Conversation

@liustve
Copy link
Contributor

@liustve liustve commented May 12, 2025
edited
Loading

Issue #, if available:
Supporting ADOT JS auto instrumentation to automatically inject SigV4 authentication headers for outgoing log requests to the allow exporting to the AWS Logs OTLP endpoint. Users will need to configure the following environment variables in order to enable and properly run this exporter:

OTEL_EXPORTER_OTLP_LOGS_ENDPOINT=https://logs.[AWS-REGION].amazonaws.com/v1/logs; required
OTEL_EXPORTER_OTLP_LOGS_HEADERS=x-aws-log-group=[CW-LOG-GROUP-NAME],x-aws-log-stream=[CW-LOG-STREAM-NAME] required
OTEL_LOGS_EXPORTER=otlp required or do not set env variable
OTEL_EXPORTER_OTLP_LOGS_PROTOCOL=http/protobuf required or do not set env variable
OTEL_METRICS_EXPORTER=none

This feature currently supports only 2 logging libraries by auto-instrumentation, Bunyan and Winston:
https://docs.honeycomb.io/send-data/logs/opentelemetry/sdk/javascript/

Description of changes:

  1. Add new AwsAuthenticator class used by both OtlpAwsLogExporter and OtlpAwsSpanExporter which extends the upstream OTLPProtoLogExporter to inject Sigv4 headers directly into the headers.

  2. Modified ADOT JS auto instrumentation to automatically detect if a user is exporting to CW Logs OTLP Logs endpoint by checking if the environment variable OTEL_EXPORTER_OTLP_LOGS_ENDPOINT is configured to match this url pattern: https://logs.[AWS-REGION].amazonaws.com/v1/logs

Testing:

  1. E2E test done in an empty EC2 environment without configuring .aws credentials config file or setting AWS credentials in the environment variable
  2. Manual testing was done by configuring the above environment variables and setting up the sample app locally with ADOT auto instrumentation and verified the logs in CW Logs.
  3. Unit tests were added to verify functionality of OtlpAwsLogsExporter

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

Example log in CW Logs:

{
    "resource": {
        "attributes": {
            "service.name": "unknown_service:/home/ec2-user/.local/share/mise/installs/node/22.14.0/bin/node",
            "process.command_args": [
                "/home/ec2-user/.local/share/mise/installs/node/22.14.0/bin/node",
                "--experimental-network-inspection",
                "--require",
                "@aws/aws-distro-opentelemetry-node-autoinstrumentation/register",
                "/home/ec2-user/aws-otel-js-instrumentation/sample-applications/simple-express-server/sample-app-express-server.js"
            ],
            "process.runtime.version": "22.14.0",
            "process.pid": 1599620,
            "process.executable.name": "/home/ec2-user/.local/share/mise/installs/node/22.14.0/bin/node",
            "telemetry.sdk.name": "opentelemetry",
            "process.owner": "ec2-user",
            "telemetry.sdk.language": "nodejs",
            "process.runtime.name": "nodejs",
            "process.executable.path": "/home/ec2-user/.local/share/mise/installs/node/22.14.0/bin/node",
            "host.arch": "amd64",
            "telemetry.sdk.version": "1.30.1",
            "process.command": "/home/ec2-user/aws-otel-js-instrumentation/sample-applications/simple-express-server/sample-app-express-server.js",
            "host.name": "ip-172-31-7-29.us-west-2.compute.internal",
            "process.runtime.description": "Node.js",
            "telemetry.auto.version": "0.6.0-dev0-aws",
            "host.id": "ec2ccd3acc52be039f977d9b1de7c64d"
        }
    },
    "scope": {
        "name": "default"
    },
    "timeUnixNano": 1748220324612000000,
    "observedTimeUnixNano": 1748220324612000000,
    "severityNumber": 9,
    "severityText": "INFO",
    "body": "Received request to /rolldice",
    "attributes": {
        "endpoint": "/rolldice"
    },
    "flags": 1,
    "traceId": "6833b9a4cccf4d9bfb82b11686fd8f63",
    "spanId": "bd19f2fcbc107755"
}

@liustve liustve requested a review from a team as a code owner May 12, 2025 20:17
@liustve liustve marked this pull request as draft May 12, 2025 20:17
@liustve liustve self-assigned this May 12, 2025
@liustve liustve closed this May 27, 2025
@liustve liustve changed the title [WIP] SigV4 Authentication Support for OTLP HTTP Logs Exporter SigV4 Authentication Support for OTLP HTTP Logs Exporter May 28, 2025
@liustve liustve reopened this May 28, 2025
@liustve liustve marked this pull request as ready for review May 28, 2025 00:28
@liustve liustve requested review from jj22ee and srprash May 28, 2025 00:28
@liustve liustve mentioned this pull request May 28, 2025
Closed
@jj22ee
Copy link
Contributor

jj22ee commented Jun 12, 2025

This feature currently supports only 2 logging libraries by auto-instrumentation, Bunyan and Winston:
https://docs.honeycomb.io/send-data/logs/opentelemetry/sdk/javascript/

Can we support Pino as well? We mention it in our docs and is considered top 2 popular logging libraries for Node.js.

https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/Application-Signals-TraceLogCorrelation.html

The Pino, Winston, or Bunyan auto-instrumentations for Node.js.

jj22ee
jj22ee reviewed Jun 13, 2025
View reviewed changes
@liustve
Copy link
Contributor Author

liustve commented Jun 20, 2025

This feature currently supports only 2 logging libraries by auto-instrumentation, Bunyan and Winston:
https://docs.honeycomb.io/send-data/logs/opentelemetry/sdk/javascript/

Can we support Pino as well? We mention it in our docs and is considered top 2 popular logging libraries for Node.js.

https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/Application-Signals-TraceLogCorrelation.html

The Pino, Winston, or Bunyan auto-instrumentations for Node.js.

Yep should also support Pino as well, I missed that in the description.

jj22ee
jj22ee reviewed Jun 24, 2025
View reviewed changes
Copy link
Contributor

@jj22ee jj22ee left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Haven't looked at the new unit tests yet, will look in a second pass

jj22ee
jj22ee reviewed Jun 26, 2025
View reviewed changes
@liustve liustve merged commit ad3e0d3 into aws-observability:main Jul 1, 2025
9 checks passed
@liustve liustve deleted the sigv4_logs branch July 1, 2025 18:43
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mxiamxia mxiamxia mxiamxia approved these changes

@jj22ee jj22ee jj22ee approved these changes

@srprash srprash Awaiting requested review from srprash

Assignees

@liustve liustve

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@liustve @jj22ee @mxiamxia