SigV4 Authentication Support for OTLP HTTP Logs Exporter #358
Thanks Steve - Code structure looks clean overall with good separation of concerns. Did some E2E testing as well and can confirm functionality. My only concern is the approach to use multiple inheritance:
Perhaps we could consider another approach where we simplify by just extracting the common SigV4 auth into a utility function or class. For example:
srprash
left a comment
Also, you would want to update the PR description since it is no longer accurate. :)
*Background:* #358

The above PR got rid of OtlpAwsSpanExporter and OtlpAwsLogExporter so as to use the default upstream exporters, as that was a cleaner approach. However, we need the OtlpAwsSpanExporter and OtlpAwsLogExporter classes to support later requirements for Gen AI as we need to override the export method.

*Description of changes:* This PR reintroduces the OtlpAwsSpanExporter and OtlpAwsLogExporter classes to support later requirements for Gen AI as we need to override the export method. This change does not introduce anything new and the Sigv4 span + logs exporter still work as intended:

Logs:
```
{
  "resource": {
    "attributes": {
      "aws.local.service": "test",
      "service.name": "test",
      "cloud.region": "us-west-2",
      "host.type": "c5.4xlarge",
      "cloud.availability_zone": "us-west-2c",
      "telemetry.sdk.name": "opentelemetry",
      "telemetry.sdk.language": "python",
      "cloud.provider": "aws",
      "cloud.account.id": "571600841604",
      "telemetry.sdk.version": "1.27.0",
      "host.name": "ip-172-31-7-29.us-west-2.compute.internal",
      "cloud.platform": "aws_ec2",
      "host.id": "i-0b04d6affbae7d629",
      "telemetry.auto.version": "0.9.0.dev0-aws"
    }
  },
  "scope": {
    "name": "opentelemetry.sdk._logs._internal"
  },
  "timeUnixNano": 1747074906326769664,
  "observedTimeUnixNano": 1747074906326822815,
  "severityNumber": 9,
  "severityText": "INFO",
  "body": "127.0.0.1 - - [12/May/2025 18:35:06] \"GET /server_request HTTP/1.1\" 200 -",
  "attributes": {
    "code.filepath": "/home/ec2-user/.local/lib/python3.9/site-packages/werkzeug/_internal.py",
    "otelTraceSampled": false,
    "code.function": "_log",
    "code.lineno": 97,
    "otelTraceID": "0",
    "otelSpanID": "0",
    "otelServiceName": "test"
  },
  "traceId": "",
  "spanId": ""
}
```

Spans:
```
{
  "resource": {
    "attributes": {
      "aws.local.service": "test",
      "service.name": "test",
      "cloud.region": "us-west-2",
      "host.type": "c5.4xlarge",
      "cloud.availability_zone": "us-west-2c",
      "telemetry.sdk.name": "opentelemetry",
      "telemetry.sdk.language": "python",
      "cloud.provider": "aws",
      "cloud.account.id": "571600841604",
      "telemetry.sdk.version": "1.27.0",
      "host.name": "ip-172-31-7-29.us-west-2.compute.internal",
      "cloud.platform": "aws_ec2",
      "host.id": "i-0b04d6affbae7d629",
      "telemetry.auto.version": "0.9.0.dev0-aws"
    }
  },
  "scope": {
    "name": "opentelemetry.instrumentation.flask",
    "version": "0.48b0"
  },
  "traceId": "68223f2d375733237e24512171012437",
  "spanId": "34dd5a89d7a21fdf",
  "flags": 256,
  "name": "GET /",
  "kind": "SERVER",
  "startTimeUnixNano": 1747074861988123056,
  "endTimeUnixNano": 1747074861988911516,
  "durationNano": 788460,
  "attributes": {
    "net.host.name": "localhost:8082",
    "aws.local.service": "test",
    "net.peer.port": 57356,
    "telemetry.extended": "true",
    "http.target": "/",
    "http.flavor": "1.1",
    "net.peer.ip": "127.0.0.1",
    "http.host": "localhost:8082",
    "aws.local.environment": "ec2:default",
    "http.status_code": 404,
    "aws.local.operation": "GET /",
    "aws.span.kind": "LOCAL_ROOT",
    "http.server_name": "127.0.0.1",
    "http.user_agent": "curl/8.5.0",
    "net.host.port": 8082,
    "PlatformType": "AWS::EC2",
    "http.method": "GET",
    "http.response.status_code": 404,
    "http.scheme": "http"
  },
  "status": {
    "code": "UNSET"
  }
}
```

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.
Background
Supporting ADOT auto instrumentation to automatically inject SigV4 authentication headers for outgoing export log requests to allow exporting to the AWS Logs OTLP endpoint. Users will need to configure the following environment variables in order to enable and properly run this exporter:
- OTEL_EXPORTER_OTLP_LOGS_ENDPOINT=https://logs.[AWS-REGION].amazonaws.com/v1/logs (required)
- OTEL_EXPORTER_OTLP_LOGS_HEADERS=x-aws-log-group=[CW-LOG-GROUP-NAME],x-aws-log-stream=[CW-LOG-STREAM-NAME] (required)
- OTEL_PYTHON_LOGGING_AUTO_INSTRUMENTATION_ENABLED=true (required)
- OTEL_LOGS_EXPORTER=otlp (required or do not set env variable)
- OTEL_EXPORTER_OTLP_LOGS_PROTOCOL=http/protobuf (required or do not set env variable)
- OTEL_METRICS_EXPORTER=none

Description of changes:
Add new AwsAuthSession class to inject Sigv4 headers directly into the sessions object used by the upstream exporter.
https://github.com/srprash/aws-otel-sigv4-auth/tree/main
The ADOT auto instrumentation is now configured to automatically detect if a user is exporting to CW Logs OTLP Logs endpoint by checking if the environment variable OTEL_EXPORTER_OTLP_LOGS_ENDPOINT is configured to match this url pattern: https://logs.[AWS-REGION].amazonaws.com/v1/logs

Testing:
Further testing will be done with the Release tests.
Example of a log exported using this exporter:
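
The endpoint check and SigV4 header injection that this PR description outlines, as an added sketch that is not code from the PR or from the ADOT project (whose AwsAuthSession is not shown on this page). It uses only the Python standard library; the function names, the signing service name `logs`, and the credentials are assumptions made for the example, and `now` is expected to be a UTC datetime.

```python
import hashlib
import hmac
import re
from datetime import datetime, timezone
from urllib.parse import urlsplit

# Anchored form of the URL pattern quoted in the PR description: HTTPS only, one
# region label, exact path, so look-alike hosts never receive signed headers.
_LOGS_ENDPOINT = re.compile(r"https://logs\.([a-z0-9-]+)\.amazonaws\.com/v1/logs")


def logs_region(endpoint):
    """Return the region for an exact AWS Logs OTLP endpoint URL, else None."""
    match = _LOGS_ENDPOINT.fullmatch(endpoint)
    return match.group(1) if match else None


def sigv4_headers(endpoint, body, access_key, secret_key, now, token=None, service="logs"):
    """Headers for the OTLP POST (service name "logs" is assumed); raises for other hosts."""
    region = logs_region(endpoint)
    if region is None:
        raise ValueError("not the AWS Logs OTLP endpoint; refusing to sign")
    url = urlsplit(endpoint)
    amz_date = now.strftime("%Y%m%dT%H%M%SZ")
    headers = {"host": url.netloc, "x-amz-date": amz_date}
    if token:  # temporary credentials (e.g. an instance role) carry a session token
        headers["x-amz-security-token"] = token
    signed = ";".join(sorted(headers))
    canonical = "\n".join(
        ["POST", url.path, ""]
        + [f"{name}:{headers[name]}" for name in sorted(headers)]
        + ["", signed, hashlib.sha256(body).hexdigest()]
    )
    scope = f"{amz_date[:8]}/{region}/{service}/aws4_request"
    to_sign = "\n".join(
        ["AWS4-HMAC-SHA256", amz_date, scope, hashlib.sha256(canonical.encode()).hexdigest()]
    )
    key = ("AWS4" + secret_key).encode()
    for part in scope.split("/"):  # date -> region -> service -> "aws4_request"
        key = hmac.new(key, part.encode(), hashlib.sha256).digest()
    signature = hmac.new(key, to_sign.encode(), hashlib.sha256).hexdigest()
    headers["authorization"] = (
        f"AWS4-HMAC-SHA256 Credential={access_key}/{scope}, "
        f"SignedHeaders={signed}, Signature={signature}"
    )
    return headers


if __name__ == "__main__":  # constructed credentials and body, for illustration only
    print(sigv4_headers("https://logs.us-west-2.amazonaws.com/v1/logs", b"\n\x00", "AKIDEXAMPLE", "constructed-secret", datetime.now(timezone.utc)))
```

Because the payload hash is part of the canonical request, the signature covers the exact serialized body, so it has to be computed on each export request rather than once per session.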