Pushing files to EC2 without SSH/SCP

0

We have a Prometheus setup in EC2. We are trying to build an alerting pipeline around it.

Our requirement is to keep the rule files in GitHub, somehow push those files to the Prometheus instance on merge to the main branch, and do a sysctl reload prometheus on the EC2 to reload configs without a restart.

Seems easy enough if we have SSH available. But unfortunately, we strictly use SSM only and don't even attach an SSH key to most EC2 instances. So SSH/SCP can't be used.

We have a couple of options that we know of:

  1. Push the rule files to an S3 bucket from the GitHub pipeline and mount the bucket at the /etc/prometheus path. For reload, use the Prometheus API endpoint.
  2. Use CodeDeploy. On every merge to main, create a revision and then deploy from the CodeDeploy console.

The CodeDeploy model seems like overkill (and involves additional steps to update some rules). Is an S3 mount a good approach for this? Or does SSM itself provide some way to do this?

spy16
asked a month ago, 218 views
1 Answer
1

Hi,

For me, S3 mount is the simplest (hence most resilient) approach. The other 2 are more complex as they involve more components.

I guess that you will have a hook in GitHub to automatically load S3 with new versions of the rules and trigger the Prometheus API endpoint.

Best,

Didier

AWS
EXPERT
answered a month ago
EXPERT
reviewed a month ago
EXPERT
Sandeep
reviewed a month ago
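
The flow the answer above describes (publish the rule files to S3, then trigger the Prometheus reload endpoint), written as a CI step. This is an added example, not code from the thread. It goes one step further by validating the rules first and sending the reload through SSM Run Command to loopback. The bucket name, instance ID, `rules/` directory and a Prometheus server started with `--web.enable-lifecycle` are assumptions.

```sh
#!/bin/sh
# Added example, not from the thread. RULES_DIR, RULES_BUCKET and
# PROM_INSTANCE_ID are assumed names carrying placeholder values.
set -eu

RULES_DIR="${RULES_DIR:-rules}"
RULES_BUCKET="${RULES_BUCKET:-example-prometheus-rules}"
PROM_INSTANCE_ID="${PROM_INSTANCE_ID:-i-0123456789abcdef0}"

# Refuse to publish anything promtool rejects: a rule file that does not
# parse makes the reload fail, so the merge would silently change nothing.
validate_rules() {
  set -- "$RULES_DIR"/*.yml
  [ -e "$1" ] || { echo "no rule files in $RULES_DIR" >&2; return 1; }
  promtool check rules "$@"
}

# Mirror only the rule files into the bucket the instance mounts.
publish_rules() {
  aws s3 sync "$RULES_DIR" "s3://$RULES_BUCKET/rules" \
    --delete --exclude '*' --include '*.yml'
}

# Have the SSM agent call the reload endpoint on loopback, so the
# Prometheus port never has to be reachable from the CI runner.
# Prints the Run Command ID for later status checks.
reload_prometheus() {
  aws ssm send-command \
    --document-name AWS-RunShellScript \
    --instance-ids "$PROM_INSTANCE_ID" \
    --comment "reload prometheus rules" \
    --parameters '{"commands":["curl -fsS -X POST http://127.0.0.1:9090/-/reload"]}' \
    --query 'Command.CommandId' --output text
}

# Each stage runs only if the previous one succeeded.
deploy() { validate_rules && publish_rules && reload_prometheus; }

if [ "${1:-}" = "deploy" ]; then deploy; fi
```

The CI role needs only list/put/delete on the rules prefix and `ssm:SendCommand` scoped to this instance and the `AWS-RunShellScript` document.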
