Skip to content

feat: add optional AWS IAM role authentication (AssumeRole)#1538

Open
elkh510 wants to merge 15 commits into
grafana:mainfrom
elkh510:add_aws_role_auth
Open

feat: add optional AWS IAM role authentication (AssumeRole)#1538
elkh510 wants to merge 15 commits into
grafana:mainfrom
elkh510:add_aws_role_auth

Conversation

@elkh510

@elkh510 elkh510 commented Feb 6, 2026

Copy link
Copy Markdown

Extend AWS authentication to support IAM role assumption alongside existing Access Key/Secret Key method. Add "default" credential provider that uses the AWS SDK default chain (env vars, EC2/ECS instance profile).

Changes:

  • Backend: add AssumeRoleARN and ExternalID to AWSSettings and SigV4Config
  • Backend: validate credentials only when authType is "keys"
  • Frontend: add Auth Provider selector (keys vs default credentials)
  • Frontend: add Assume Role ARN and External ID fields
  • Provisioning: add example datasources for all 4 AWS auth variants

@elkh510 elkh510 requested a review from a team as a code owner February 6, 2026 09:56
@elkh510 elkh510 requested a review from yesoreyeram February 6, 2026 09:56
@CLAassistant

CLAassistant commented Feb 6, 2026
edited
Loading

Copy link
Copy Markdown

CLA assistant check
All committers have signed the CLA.

@elkh510
feat: add optional AWS IAM role authentication (AssumeRole)
31a6acf 
Extend AWS authentication to support IAM role assumption alongside
existing Access Key/Secret Key method. Add "default" credential provider
that uses the AWS SDK default chain (env vars, EC2/ECS instance profile).

Changes:
- Backend: add AssumeRoleARN and ExternalID to AWSSettings and SigV4Config
- Backend: validate credentials only when authType is "keys"
- Frontend: add Auth Provider selector (keys vs default credentials)
- Frontend: add Assume Role ARN and External ID fields
- Provisioning: add example datasources for all 4 AWS auth variants
@elkh510
docs: add AWS IAM role auth and provisioning examples
e7760bb 
Update AWS documentation to cover both authentication providers
(Access Key and Default Credentials / IAM Role), AssumeRole with
ExternalID, EKS IRSA setup, Grafana server configuration, and
provisioning YAML examples for all four auth combinations.
@elkh510

elkh510 commented Feb 11, 2026

Copy link
Copy Markdown
Author

hi
@yesoreyeram could you pls take a look

@elkh510

elkh510 commented Mar 9, 2026

Copy link
Copy Markdown
Author

hi
@yesoreyeram could you pls take a look

@elkh510 elkh510 requested a review from a team as a code owner April 27, 2026 06:01
@elkh510

elkh510 commented Apr 27, 2026

Copy link
Copy Markdown
Author

hi
@yesoreyeram could you pls take a look

@ofirshtrull

ofirshtrull commented Jun 9, 2026

Copy link
Copy Markdown

hey any update on this?
its can be very helpfull for many users

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@yesoreyeram yesoreyeram Awaiting requested review from yesoreyeram yesoreyeram was automatically assigned from grafana/oss-big-tent

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@elkh510 @CLAassistant @ofirshtrull