Add SigV4 support

configuration.go

@@ -32,6 +32,7 @@ var (
 	maxRetriesConfig          = &configuration{flag: "max-retries", envFlag: "max_retries", defaultValue: strconv.Itoa(awsClient.DefaultRetryerMaxNumRetries)}
 	defaultDatabaseConfig     = &configuration{flag: "default-database", envFlag: "default_database", defaultValue: ""}
 	defaultTableConfig        = &configuration{flag: "default-table", envFlag: "default_table", defaultValue: ""}
+    enableSigV4AuthConfig     = &configuration{flag: "enable-sigv4-auth", envFlag: "enable_sigv4_auth", defaultValue: "false"}
 	listenAddrConfig          = &configuration{flag: "web.listen-address", envFlag: "", defaultValue: ":9201"}
 	telemetryPathConfig       = &configuration{flag: "web.telemetry-path", envFlag: "", defaultValue: "/metrics"}
 	failOnLabelConfig         = &configuration{flag: "fail-on-long-label", envFlag: "fail_on_long_label", defaultValue: "false"}

main.go

@@ -24,6 +24,7 @@ import (
 	"github.com/aws/aws-sdk-go/aws"
 	"github.com/aws/aws-sdk-go/aws/awserr"
 	"github.com/aws/aws-sdk-go/aws/credentials"
+    "github.com/aws/aws-sdk-go/aws/session"
 	"github.com/go-kit/log"
 	"github.com/gogo/protobuf/proto"
 	"github.com/golang/snappy"
@@ -83,6 +84,7 @@ type connectionConfig struct {
 	defaultDatabase           string
 	defaultTable              string
 	enableLogging             bool
+    enableSigV4Auth           bool
 	failOnLongMetricLabelName bool
 	failOnInvalidSample       bool
 	listenAddr                string
@@ -145,10 +147,21 @@ func lambdaHandler(req events.APIGatewayProxyRequest) (events.APIGatewayProxyRes
 
 	logger := cfg.createLogger()
 
-	awsCredentials, ok := parseBasicAuth(req.Headers[basicAuthHeader])
-	if !ok {
-		return createErrorResponse(errors.NewParseBasicAuthHeaderError().(*errors.ParseBasicAuthHeaderError).Message())
-	}
+    var awsCredentials *credentials.Credentials
+    var ok bool
+
+    // If SigV4 authentication has been enabled, such as when write requests originate
+    // from the OpenTelemetry collector, credentials will be taken from the local environment.
+    // Otherwise, basic auth is used for AWS credentials
+    if cfg.enableSigV4Auth {
+        sess := session.Must(session.NewSession())
+        awsCredentials = sess.Config.Credentials
+    } else {
+        awsCredentials, ok = parseBasicAuth(req.Headers[basicAuthHeader])
+        if !ok {
+            return createErrorResponse(errors.NewParseBasicAuthHeaderError().(*errors.ParseBasicAuthHeaderError).Message())
+        }
+    }
 
 	awsConfigs := cfg.buildAWSConfig()
 	timestreamClient := timestream.NewBaseClient(cfg.defaultDatabase, cfg.defaultTable)
@@ -280,7 +293,7 @@ func (cfg *connectionConfig) createLogger() (logger log.Logger) {
 }
 
 // parseBoolFromStrings parses the boolean configuration options from the strings in connectionConfig.
-func (cfg *connectionConfig) parseBoolFromStrings(enableLogging, failOnLongMetricLabelName, failOnInvalidSample string) error {
+func (cfg *connectionConfig) parseBoolFromStrings(enableLogging, failOnLongMetricLabelName, failOnInvalidSample, enableSigV4Auth string) error {
 	var err error
 
 	cfg.enableLogging, err = strconv.ParseBool(enableLogging)
@@ -304,6 +317,13 @@ func (cfg *connectionConfig) parseBoolFromStrings(enableLogging, failOnLongMetri
 		return timestreamError
 	}
 
+    cfg.enableSigV4Auth, err = strconv.ParseBool(enableSigV4Auth)
+    if err != nil {
+		timestreamError := errors.NewParseSampleOptionError(failOnInvalidSample)
+		fmt.Println(timestreamError.Error())
+		return timestreamError
+    }
+
 	return nil
 }
 
@@ -328,7 +348,7 @@ func parseEnvironmentVariables() (*connectionConfig, error) {
 	cfg.defaultTable = getOrDefault(defaultTableConfig)
 
 	var err error
-	err = cfg.parseBoolFromStrings(getOrDefault(enableLogConfig), getOrDefault(failOnLabelConfig), getOrDefault(failOnInvalidSampleConfig))
+	err = cfg.parseBoolFromStrings(getOrDefault(enableLogConfig), getOrDefault(failOnLabelConfig), getOrDefault(failOnInvalidSampleConfig), getOrDefault(enableSigV4AuthConfig))
 	if err != nil {
 		return nil, err
 	}
@@ -357,6 +377,7 @@ func parseFlags() *connectionConfig {
 	}
 
 	var enableLogging string
+    var enableSigV4Auth string
 	var failOnLongMetricLabelName string
 	var failOnInvalidSample string
 
@@ -373,6 +394,7 @@ func parseFlags() *connectionConfig {
 		Default(failOnInvalidSampleConfig.defaultValue).StringVar(&failOnInvalidSample)
 	a.Flag(certificateConfig.flag, "TLS server certificate file.").Default(certificateConfig.defaultValue).StringVar(&cfg.certificate)
 	a.Flag(keyConfig.flag, "TLS server private key file.").Default(keyConfig.defaultValue).StringVar(&cfg.key)
+    a.Flag(enableSigV4AuthConfig.flag, "Whether to enable SigV4 authentication with the API Gateway. Default to 'false'.").Default(enableSigV4AuthConfig.defaultValue).StringVar(&enableSigV4Auth)
 
 	flag.AddFlags(a, &cfg.promlogConfig)
 
@@ -381,7 +403,7 @@ func parseFlags() *connectionConfig {
 		os.Exit(1)
 	}
 
-	if err := cfg.parseBoolFromStrings(enableLogging, failOnLongMetricLabelName, failOnInvalidSample); err != nil {
+	if err := cfg.parseBoolFromStrings(enableLogging, failOnLongMetricLabelName, failOnInvalidSample, enableSigV4Auth); err != nil {
 		os.Exit(1)
 	}
 

serverless/DEVELOPER_README.md

@@ -61,15 +61,15 @@ The `DefaultDatabase`, `DefaultTable` and `LogLevel` may be altered to fit your
 
 To install the Timestream Prometheus Connector service launch the AWS CloudFormation stack on the AWS CloudFormation console by choosing one of the "Launch Stack" buttons in the following table:
 
-| Region                    | View                                                                                                                                      | View in Composer                                                                                                                                                                                                                                         | Launch                                                                                                                                                                                                                                                                            |
-|---------------------------|-------------------------------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
-| US East (N. Virginia) us-east-1 | [View](https://timestreamassets-us-east-1.s3.amazonaws.com/timestream-prometheus-connector/template.yml) |  [View in Composer](https://console.aws.amazon.com/composer/canvas?region=us-east-1&templateURL=https://timestreamassets-us-east-1.s3.amazonaws.com/timestream-prometheus-connector/template.yml)           | [Launch](https://console.aws.amazon.com/cloudformation/home?region=us-east-1#/stacks/new?stackName=PrometheusTimestreamConnector&templateURL=https://timestreamassets-us-east-1.s3.amazonaws.com/timestream-prometheus-connector/template.yml)         |
-| US East (Ohio) us-east-2 | [View](https://timestreamassets-us-east-2.s3.amazonaws.com/timestream-prometheus-connector/template.yml) |  [View in Composer](https://console.aws.amazon.com/composer/canvas?region=us-east-2&templateURL=https://timestreamassets-us-east-2.s3.amazonaws.com/timestream-prometheus-connector/template.yml)           | [Launch](https://console.aws.amazon.com/cloudformation/home?region=us-east-2#/stacks/new?stackName=PrometheusTimestreamConnector&templateURL=https://timestreamassets-us-east-2.s3.amazonaws.com/timestream-prometheus-connector/template.yml)         |
-| US West (Oregon) us-west-2 | [View](https://timestreamassets-us-west-2.s3.amazonaws.com/timestream-prometheus-connector/template.yml) |  [View in Composer](https://console.aws.amazon.com/composer/canvas?region=us-west-2&templateURL=https://timestreamassets-us-west-2.s3.amazonaws.com/timestream-prometheus-connector/template.yml)           | [Launch](https://console.aws.amazon.com/cloudformation/home?region=us-west-2#/stacks/new?stackName=PrometheusTimestreamConnector&templateURL=https://timestreamassets-us-west-2.s3.amazonaws.com/timestream-prometheus-connector/template.yml)         |
-| Asia Pacific (Sydney) ap-southeast-2 | [View](https://timestreamassets-ap-southeast-2.s3.amazonaws.com/timestream-prometheus-connector/template.yml) |  [View in Composer](https://console.aws.amazon.com/composer/canvas?region=ap-southeast-2&templateURL=https://timestreamassets-ap-southeast-2.s3.amazonaws.com/timestream-prometheus-connector/template.yml)      | [Launch](https://console.aws.amazon.com/cloudformation/home?region=ap-southeast-2#/stacks/new?stackName=PrometheusTimestreamConnector&templateURL=https://timestreamassets-ap-southeast-2.s3.amazonaws.com/timestream-prometheus-connector/template.yml)    |
-| Asia Pacific (Tokyo) ap-northeast-1 | [View](https://timestreamassets-ap-northeast-1.s3.amazonaws.com/timestream-prometheus-connector/template.yml) |  [View in Composer](https://console.aws.amazon.com/composer/canvas?region=ap-northeast-1&templateURL=https://timestreamassets-ap-northeast-1.s3.amazonaws.com/timestream-prometheus-connector/template.yml)      | [Launch](https://console.aws.amazon.com/cloudformation/home?region=ap-northeast-1#/stacks/new?stackName=PrometheusTimestreamConnector&templateURL=https://timestreamassets-ap-northeast-1.s3.amazonaws.com/timestream-prometheus-connector/template.yml)    |
-| Europe (Frankfurt) eu-central-1 | [View](https://timestreamassets-eu-central-1.s3.amazonaws.com/timestream-prometheus-connector/template.yml) |  [View in Composer](https://console.aws.amazon.com/composer/canvas?region=eu-central-1&templateURL=https://timestreamassets-eu-central-1.s3.amazonaws.com/timestream-prometheus-connector/template.yml)        | [Launch](https://console.aws.amazon.com/cloudformation/home?region=eu-central-1#/stacks/new?stackName=PrometheusTimestreamConnector&templateURL=https://timestreamassets-eu-central-1.s3.amazonaws.com/timestream-prometheus-connector/template.yml)      |
-| Europe (Ireland) eu-west-1 | [View](https://timestreamassets-eu-west-1.s3.amazonaws.com/timestream-prometheus-connector/template.yml) |  [View in Composer](https://console.aws.amazon.com/composer/canvas?region=eu-west-1&templateURL=https://timestreamassets-eu-west-1.s3.amazonaws.com/timestream-prometheus-connector/template.yml)           | [Launch](https://console.aws.amazon.com/cloudformation/home?region=eu-west-1#/stacks/new?stackName=PrometheusTimestreamConnector&templateURL=https://timestreamassets-eu-west-1.s3.amazonaws.com/timestream-prometheus-connector/template.yml)         |
+| Region                    | View                                                                                                                                      | View in Composer                                                                                                                                                                                                                                         | Launch                                                                                                                                                                                                                                                                            | Launch (SigV4) |
+|---------------------------|-------------------------------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------|
+| US East (N. Virginia) us-east-1 | [View](https://timestreamassets-us-east-1.s3.amazonaws.com/timestream-prometheus-connector/template.yml) |  [View in Composer](https://console.aws.amazon.com/composer/canvas?region=us-east-1&templateURL=https://timestreamassets-us-east-1.s3.amazonaws.com/timestream-prometheus-connector/template.yml)           | [Launch](https://console.aws.amazon.com/cloudformation/home?region=us-east-1#/stacks/new?stackName=PrometheusTimestreamConnector&templateURL=https://timestreamassets-us-east-1.s3.amazonaws.com/timestream-prometheus-connector/template.yml)         | [Launch (SigV4)](https://console.aws.amazon.com/cloudformation/home?region=us-east-1#/stacks/create/review?stackName=PrometheusTimestreamConnector&templateURL=https://timestreamassets-us-east-1.s3.amazonaws.com/timestream-prometheus-connector/template.yml&param_EnableSigV4Auth=true) |
+| US East (Ohio) us-east-2 | [View](https://timestreamassets-us-east-2.s3.amazonaws.com/timestream-prometheus-connector/template.yml) |  [View in Composer](https://console.aws.amazon.com/composer/canvas?region=us-east-2&templateURL=https://timestreamassets-us-east-2.s3.amazonaws.com/timestream-prometheus-connector/template.yml)           | [Launch](https://console.aws.amazon.com/cloudformation/home?region=us-east-2#/stacks/new?stackName=PrometheusTimestreamConnector&templateURL=https://timestreamassets-us-east-2.s3.amazonaws.com/timestream-prometheus-connector/template.yml)         | [Launch (SigV4)](https://console.aws.amazon.com/cloudformation/home?region=us-east-2#/stacks/create/review?stackName=PrometheusTimestreamConnector&templateURL=https://timestreamassets-us-east-2.s3.amazonaws.com/timestream-prometheus-connector/template.yml&param_EnableSigV4Auth=true) |
+| US West (Oregon) us-west-2 | [View](https://timestreamassets-us-west-2.s3.amazonaws.com/timestream-prometheus-connector/template.yml) |  [View in Composer](https://console.aws.amazon.com/composer/canvas?region=us-west-2&templateURL=https://timestreamassets-us-west-2.s3.amazonaws.com/timestream-prometheus-connector/template.yml)           | [Launch](https://console.aws.amazon.com/cloudformation/home?region=us-west-2#/stacks/new?stackName=PrometheusTimestreamConnector&templateURL=https://timestreamassets-us-west-2.s3.amazonaws.com/timestream-prometheus-connector/template.yml)         | [Launch (SigV4)](https://console.aws.amazon.com/cloudformation/home?region=us-west-2#/stacks/create/review?stackName=PrometheusTimestreamConnector&templateURL=https://timestreamassets-us-west-2.s3.amazonaws.com/timestream-prometheus-connector/template.yml&param_EnableSigV4Auth=true) |
+| Asia Pacific (Sydney) ap-southeast-2 | [View](https://timestreamassets-ap-southeast-2.s3.amazonaws.com/timestream-prometheus-connector/template.yml) |  [View in Composer](https://console.aws.amazon.com/composer/canvas?region=ap-southeast-2&templateURL=https://timestreamassets-ap-southeast-2.s3.amazonaws.com/timestream-prometheus-connector/template.yml)      | [Launch](https://console.aws.amazon.com/cloudformation/home?region=ap-southeast-2#/stacks/new?stackName=PrometheusTimestreamConnector&templateURL=https://timestreamassets-ap-southeast-2.s3.amazonaws.com/timestream-prometheus-connector/template.yml)    | [Launch (SigV4)](https://console.aws.amazon.com/cloudformation/home?region=ap-southeast-2#/stacks/create/review?stackName=PrometheusTimestreamConnector&templateURL=https://timestreamassets-ap-southeast-2.s3.amazonaws.com/timestream-prometheus-connector/template.yml&param_EnableSigV4Auth=true) |
+| Asia Pacific (Tokyo) ap-northeast-1 | [View](https://timestreamassets-ap-northeast-1.s3.amazonaws.com/timestream-prometheus-connector/template.yml) |  [View in Composer](https://console.aws.amazon.com/composer/canvas?region=ap-northeast-1&templateURL=https://timestreamassets-ap-northeast-1.s3.amazonaws.com/timestream-prometheus-connector/template.yml)      | [Launch](https://console.aws.amazon.com/cloudformation/home?region=ap-northeast-1#/stacks/new?stackName=PrometheusTimestreamConnector&templateURL=https://timestreamassets-ap-northeast-1.s3.amazonaws.com/timestream-prometheus-connector/template.yml)    | [Launch (SigV4)](https://console.aws.amazon.com/cloudformation/home?region=ap-northeast-1#/stacks/create/review?stackName=PrometheusTimestreamConnector&templateURL=https://timestreamassets-ap-northeast-1.s3.amazonaws.com/timestream-prometheus-connector/template.yml&param_EnableSigV4Auth=true) |
+| Europe (Frankfurt) eu-central-1 | [View](https://timestreamassets-eu-central-1.s3.amazonaws.com/timestream-prometheus-connector/template.yml) |  [View in Composer](https://console.aws.amazon.com/composer/canvas?region=eu-central-1&templateURL=https://timestreamassets-eu-central-1.s3.amazonaws.com/timestream-prometheus-connector/template.yml)        | [Launch](https://console.aws.amazon.com/cloudformation/home?region=eu-central-1#/stacks/new?stackName=PrometheusTimestreamConnector&templateURL=https://timestreamassets-eu-central-1.s3.amazonaws.com/timestream-prometheus-connector/template.yml)      | [Launch (SigV4)](https://console.aws.amazon.com/cloudformation/home?region=eu-central-1#/stacks/create/review?stackName=PrometheusTimestreamConnector&templateURL=https://timestreamassets-eu-central-1.s3.amazonaws.com/timestream-prometheus-connector/template.yml&param_EnableSigV4Auth=true) |
+| Europe (Ireland) eu-west-1 | [View](https://timestreamassets-eu-west-1.s3.amazonaws.com/timestream-prometheus-connector/template.yml) |  [View in Composer](https://console.aws.amazon.com/composer/canvas?region=eu-west-1&templateURL=https://timestreamassets-eu-west-1.s3.amazonaws.com/timestream-prometheus-connector/template.yml)           | [Launch](https://console.aws.amazon.com/cloudformation/home?region=eu-west-1#/stacks/new?stackName=PrometheusTimestreamConnector&templateURL=https://timestreamassets-eu-west-1.s3.amazonaws.com/timestream-prometheus-connector/template.yml)         | [Launch (SigV4)](https://console.aws.amazon.com/cloudformation/home?region=eu-west-1#/stacks/create/review?stackName=PrometheusTimestreamConnector&templateURL=https://timestreamassets-eu-west-1.s3.amazonaws.com/timestream-prometheus-connector/template.yml&param_EnableSigV4Auth=true) |
 
 > **Note**: Attempting to use one of the above "Launch" links to create an already existing stack will fail. To update an existing stack, such as the default `PrometheusTimestreamConnector` stack, via the AWS Console, go to the stacks page at `https://<region>.console.aws.amazon.com/cloudformation/home`, select the stack you want to update from the list, then click "Update" to proceed through the update process.
 
@@ -216,6 +216,7 @@ Follow the verification steps in [README.md#verification](../README.md#verificat
 | LambdaTimeoutInSeconds    | The amount of time in seconds to run the connector on AWS Lambda before timing out. | 30                           |
 | ReadThrottlingBurstLimit  | The number of burst read requests per second that API Gateway permits. | 1200                             |
 | WriteThrottlingBurstLimit | The number of burst write requests per second that API Gateway permits. | 1200                             |
+| EnableSigV4Auth | Whether to enable SigV4 authentication for the API Gateway. | false |
 
 ### IAM Permissions Configuration Options