Ability to pull API key from AWS SSM Secret

[ajoga]

Hello,

This solution uses an AWS SSM parameter to store the token to push logs to Dynatrace:

dynatrace-aws-s3-log-forwarder/docs/deployment_guide.md

Lines 39 to 49 in 4f00665

	### Step 2. Create an AWS SSM SecureString Parameter to store your Dynatrace access token to ingest logs.
	Execute the following command to create an AWS SSM Parameter Store SecureString parameter to store your Dynatrace access token. The log forwarder Lambda function retrieves the access token from this parameter at runtime.
	```bash
	export PARAMETER_NAME="/dynatrace/s3-log-forwarder/$STACK_NAME/$DYNATRACE_TENANT_UUID/api-key"
	# Configure HISTCONTROL to avoid storing on the bash history the commands containing API keys
	export HISTCONTROL=ignorespace
	export PARAMETER_VALUE=<your_dynatrace-access-token-here>
	aws ssm put-parameter --name $PARAMETER_NAME --type SecureString --value $PARAMETER_VALUE
	```

The New Cloud Platform Monitoring's Firehose Log Streams Stack we deploy when creating an AWS connection in Dynatrace populates an AWS Secret with that token.

For the deployment of the dynatrace-aws-s3-log-forwarder it would be convenient if we could pass that same SSM Secret instead of creating a new SSM Parameter. The purposes of the tokens seems very similar to me.

[sq2gxo]

Hi @ajoga current s3-log-forwarder is using Dynatrace API Token, it is different from new platform tokens used in AWS monitoring tokens.
We are starting work on preparing new s3-log-forwarder versions aligned with new AWS monitoring and your idea makes a lot of sense.
We will keep you updated on it, Thank you.

[ajoga]

current s3-log-forwarder is using Dynatrace API Token, it is different from new platform tokens used in AWS monitoring tokens.

Oh I hadn't noticed yet, thank you for the heads up!