Skip to:

  1. Skip to Jira Navigation
  2. Skip to Side Navigation
  3. Skip to Main Content

AWS discovery and monitoring based on IAM roles is not working

Description

Impact on the user:

  • Users are not able to use simple and "key-secret free" way for discovery and monitoring instances on AWS

Steps to reproduce:

  1. Install PMM server from AWS marketplace

  2. Set IAM role for the instance according to our doc

  3. Go to Add instance -> AWS page

Actual result:

  • Form with Key-secret , without the ability to run discovery without entering key-secret

Expected Result:

  • Ability to run Discovery and add instances to monitoring WITHOUT entering key-secret and consume IAM role PMM instance has

  • On page instructions on what to do to get discovery and monitoring executed without entering key-secret

  • Clear documentation about How to set up IAM role to the PMM instance

Workaround:
N/A

Details
PMM 1 was working fine

PMM 2 : no way to execute

 

 

But the  empty API call: 

curl -X POST "http://XXX/v1/management/RDS/Discover" -H "accept: application/json" -H "Content-Type: application/json" -d "{}"

Provides data about  RDS instances. 

 

NOTE:  There is no need to replicate UX. we must keep an ability to enter another  key-secret for adding another instance   

Original report:

How to test

None

How to document

None

Attachments

4
  • 23 Aug 2021, 12:24 PM
  • 10 Mar 2021, 11:59 PM
  • 10 Mar 2021, 11:59 PM
  • 10 Mar 2021, 11:58 PM
100% Done
Type
Key
Summary
Priority
Story Points
Assignee
Status

Confluence content

mentioned on

Smart Checklist

Activity

Nailya Kutlubaeva August 24, 2021 at 8:29 PM
Edited

Also I think we should update screenshot in our doc ( https://www.percona.com/doc/percona-monitoring-and-management/2.x/setting-up/client/aws.html#adding-an-amazon-rds-mysql-aurora-mysql-or-remote-instance ) and attach the next one:

could you, please, update the screenshot?

Nailya Kutlubaeva August 24, 2021 at 8:27 PM

Checked basic functionality but not checking IAM role, will check after merging

Nailya Kutlubaeva August 23, 2021 at 12:25 PM

I checked the latest FB and found that Add instance page now looks very strange:


Was the page re-worked?

Everything else looks ok, if user do not specify keys the page returns correct message

Carlos Salguero April 7, 2021 at 12:41 PM

That's what it needs to be tested.
Deploy pmm on an EC2 or any AWS instance for that same use, try to run discovery without specifying credentials to check if the request comes from a logged-in user, can be executed without any other credentials. 

Roman Misyurin April 6, 2021 at 6:50 PM

Nope, don't think so

Done

Details

Assignee

Reporter

Priority

Labels

Needs QA

Yes

Needs Doc

Yes

Fix versions

Story Points

Sprint

Affects versions

Parent

Smart Checklist

Created March 10, 2021 at 11:58 PM
Updated March 6, 2024 at 3:03 AM
Resolved July 1, 2021 at 12:28 PM

Flag notifications