How to Query AWS Prometheus Using Python and AWS Signature Authentication

Prometheus is a popular open-source monitoring and alerting toolkit that has gained widespread adoption in the world of DevOps and cloud infrastructure management. Amazon Web Services (AWS) provides a managed Prometheus service called Amazon Managed Service for Prometheus (AMP), which allows you to easily collect and query Prometheus metrics in your AWS environment. In this article, we will explore how to query AWS Prometheus using Python and AWS Signature Authentication.

Introduction to AWS Prometheus

AWS Prometheus, part of AWS Observability services, simplifies the setup and management of Prometheus workspaces. It provides a scalable and highly available platform for storing and querying your application and infrastructure metrics.

To interact with AWS Prometheus, you can use Python and the popular requests library along with AWS Signature Authentication. This authentication method allows you to securely connect to AWS services without exposing your AWS access and secret keys.

Prerequisites

Before you begin, make sure you have the following prerequisites in place:

  1. AWS Account: You should have an AWS account and the necessary permissions to access the AWS Prometheus workspace.

  2. Python: Ensure you have Python installed on your system.

  3. Required Python Libraries: You need to install the requests and requests-aws4auth libraries. You can do this using pip:

    pip install requests requests-aws4auth boto3

  4. AWS CLI: Configure your AWS CLI with the necessary credentials and default region.

Querying AWS Prometheus with Python

Let’s dive into the code example you provided and understand how it works step by step:

import requests
from requests_aws4auth import AWS4Auth
import boto3

# Define AWS region, AWS profile, and query endpoint URL
aws_region = "region"
aws_profile = "saml"
query_endpoint = "https://aps-workspaces.region.amazonaws.com/workspaces/ws-XXXXXXXXX/api/v1/query"  # Replace with the actual endpoint
service_name = "aps"  # This should match the service you are using

# Create an AWS session using your AWS profile
session = boto3.Session(profile_name=aws_profile, region_name=aws_region)

# Generate AWS Signature Version 4 credentials
credentials = session.get_credentials()
access_key = credentials.access_key
secret_key = credentials.secret_key
token = credentials.token

# Construct the full URL with the query parameter
query_url = f"{query_endpoint}?query=up"

# Create the AWS4Auth object
auth = AWS4Auth(
    access_key,
    secret_key,
    aws_region,
    service_name,
    session_token=token,
)

# Make an HTTP POST request using the requests library and AWS Signature
headers = {
    "x-amz-security-token": token,
}

response = requests.post(query_url, headers=headers, auth=auth)

# Print the response
print("Response Status Code:", response.status_code)
print("Response Content:", response.text)

In this code:

  • We import the required libraries, including requests, requests_aws4auth, and boto3.

  • We define the AWS region, AWS profile, and the query endpoint URL specific to your AWS Prometheus workspace. Make sure to replace region and ws-XXXXXXXXX with your actual values.

  • We create a session using the specified AWS profile, which is configured in your AWS CLI.

  • We generate AWS Signature Version 4 credentials using the session.

  • We construct the query URL with a sample query parameter, in this case, "query=up". You can replace this with your specific Prometheus query.

  • We create an AWS4Auth object, which handles the AWS Signature Authentication.

  • We make an HTTP POST request to the query URL using the requests library, passing the AWS Signature Authentication in the headers.

  • Finally, we print the response, which includes the HTTP status code and the query result.

Conclusion

In this article, we have demonstrated how to query AWS Prometheus using Python and AWS Signature Authentication. This approach ensures secure and authenticated access to your AWS Prometheus workspace, allowing you to retrieve valuable metrics and monitor your applications and infrastructure effectively. You can further customize the queries to extract specific metrics and integrate them into your monitoring and alerting workflows.