AWS AmazonCloudWatch documentation change
Summary
Added documentation for metrics endpoint in CloudWatch OTLP, including authentication details and specific ingestion limits, and reordered content.
Security assessment
Documentation expands to include authentication (Signature 4) for the new metrics endpoint, which is a security feature, but does not address a specific security vulnerability; change is primarily for feature support.
Diff
diff --git a/AmazonCloudWatch/latest/monitoring/CloudWatch-OTLPEndpoint.md b/AmazonCloudWatch/latest/monitoring/CloudWatch-OTLPEndpoint.md index bbb6fd134..3efe4eaa8 100644 --- a//AmazonCloudWatch/latest/monitoring/CloudWatch-OTLPEndpoint.md +++ b//AmazonCloudWatch/latest/monitoring/CloudWatch-OTLPEndpoint.md @@ -5 +5 @@ -Traces endpointLogs endpointRUM endpointEndpoint limits and restrictions +Logs endpointMetrics endpointTraces endpointRUM endpointEndpoint limits and restrictions @@ -11,6 +10,0 @@ OpenTelemetry Protocol (OTLP) is a general-purpose telemetry data delivery proto -## Traces endpoint - -The traces endpoint follows the pattern `https://xray.`AWS Region`.amazonaws.com/v1/traces`. For example, for the US West (Oregon) (us-west-2) Region, the endpoint will be `https://xray.us-west-2.amazonaws.com/v1/traces`. - -You need to configure your OpenTelemetry collector to start sending traces to CloudWatch. The endpoint authenticates callers using Signature 4 authentication. For more information, see [AWS Signature Version 4 for API requests](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_sigv.html). - @@ -24,0 +19,12 @@ When log event size exceed 1MB, CloudWatch Logs automatically truncates up to 10 +## Metrics endpoint + +The metrics endpoint follows the pattern `https://monitoring.`AWS Region`.amazonaws.com/v1/metrics`. For example, for the US West (Oregon) (us-west-2) Region, the endpoint will be `https://monitoring.us-west-2.amazonaws.com/v1/metrics`. + +You need to configure your OpenTelemetry collector to start sending metrics to CloudWatch. The endpoint authenticates callers using Signature 4 authentication. For more information, see [AWS Signature Version 4 for API requests](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_sigv.html). + +## Traces endpoint + +The traces endpoint follows the pattern `https://xray.`AWS Region`.amazonaws.com/v1/traces`. For example, for the US West (Oregon) (us-west-2) Region, the endpoint will be `https://xray.us-west-2.amazonaws.com/v1/traces`. + +You need to configure your OpenTelemetry collector to start sending traces to CloudWatch. The endpoint authenticates callers using Signature 4 authentication. For more information, see [AWS Signature Version 4 for API requests](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_sigv.html). + @@ -44 +50 @@ To learn more about the authentication models as defined in their SDKs, see the -The table lists the common endpoint limits and restrictions for traces and logs. +The table lists the common endpoint limits and restrictions for metrics, traces, and logs. @@ -48 +54 @@ Limit | Endpoint | Additional information -Required collector extension | [sigv4authextension](https://github.com/open-telemetry/opentelemetry-collector-contrib/tree/main/extension/sigv4authextension) | To send traces to OTLP endpoint you must use sigv4authextension +Required collector extension | [sigv4authextension](https://github.com/open-telemetry/opentelemetry-collector-contrib/tree/main/extension/sigv4authextension) | To send metrics or traces to OTLP endpoint you must use sigv4authextension @@ -64,0 +71,11 @@ Maximum time gap in events / request | 24 hours | +The table lists the endpoint limits and restrictions for metrics. + +Limit | Metrics endpoint | Additional information | Error code +---|---|---|--- +Maximum TPS | 500 | The maximum number of requests per second allowed per account. | 429 +Maximum new series creation rate | 1,000,000 | Maximum number of new series that can be created in a 10-minute window. This limit applies only to creating new metric names, not to ingesting data points for existing metrics. | 429 - all metrics in the requests are throttled; 200 - metrics in the requests are partially throttled +Maximum request size | 1 MB | The maximum uncompressed size of the request. | 400 +Maximum datapoint count | 1,000 | The maximum number of datapoints sent in a single request. This number is a sum across ResourceMetrics, ScopeMetrics and Metrics. | 400 +Maximum metadata size | 40 KB | The maximum combined size of all labels and label values accepted for a series per datapoint. | 400 - all metrics in the requests are invalid; 200 - metrics in the requests are partially invalid +Maximum label count | 150 | Maximum number of labels across Resource/Scope/Datapoint attributes per datapoint. | 400 - all metrics in the requests are invalid; 200 - metrics in the requests are partially invalid +