The Prometheus server talks directly to the AWS API, so you need to create a user with programmatic access and attach the following permission:

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Action": "ec2:DescribeInstances",
          "Resource": "*"
        }
      ]
    }

→ The Prometheus server can get all metadata of the EC2 instances like IP addresses or tags

On the Prometheus server, a scrape target has to be added to the prometheus.yml file with the access key and secret key of the user you created. You can do some relabeling magic that lets you reuse your EC2 tags and metadata in Prometheus, which is very nice.

For example, here we take the EC2 Name tag (ec2_tag_Name) as the instance value and add two additional labels (customer, role), which we get from ec2_tag_customer and ec2_tag_role:

    - job_name: 'node'
      ec2_sd_configs:
        - region: YOURREGION
          access_key: YOURACCESSKEY
          secret_key: YOURSECRETKEY
          port: 9100
          refresh_interval: 1m
      relabel_configs:
        - source_labels:
            - '__meta_ec2_tag_Name'
          target_label: 'instance'
        - source_labels:
            - '__meta_ec2_tag_customer'
          target_label: 'customer'
        - source_labels:
            - '__meta_ec2_tag_role'
          target_label: 'role'

The Prometheus server will now get the IP addresses of all of your EC2 instances (by default the private IPs, but you can use the public ones as well; see the ec2_sd_config documentation).
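To see what the relabel rules in the scrape config above produce, including for an instance that lacks some of the tags, here is a small simulation of Prometheus' default "replace" relabel action. It is an added example, not code from Prometheus or from the original post; the instance data, the `relabel` function and its parameter names are constructed for illustration.

```python
import re

# Constructed sample: discovery labels for two instances (all values made up).
DISCOVERED = [
    {"__meta_ec2_private_ip": "10.0.1.15", "__meta_ec2_tag_Name": "web-01",
     "__meta_ec2_tag_customer": "acme", "__meta_ec2_tag_role": "frontend"},
    # Second instance has no Name and no customer tag.
    {"__meta_ec2_private_ip": "10.0.2.7", "__meta_ec2_tag_role": "db"},
]

# The three relabel rules from the scrape config on this page.
RULES = [
    {"source_labels": ["__meta_ec2_tag_Name"], "target_label": "instance"},
    {"source_labels": ["__meta_ec2_tag_customer"], "target_label": "customer"},
    {"source_labels": ["__meta_ec2_tag_role"], "target_label": "role"},
]


def relabel(meta, rules, job="node", port=9100):
    """Return (scrape address, final labels) for one discovered instance."""
    labels = {**meta, "job": job,
              "__address__": f"{meta['__meta_ec2_private_ip']}:{port}"}
    for rule in rules:
        # Default action "replace": join the source values with ";" and
        # match them against the fully anchored regex (default "(.*)").
        joined = rule.get("separator", ";").join(
            labels.get(name, "") for name in rule["source_labels"])
        match = re.fullmatch(rule.get("regex", "(.*)"), joined, re.DOTALL)
        if match is None:
            continue  # no match: the rule leaves the labels untouched
        # Turn Prometheus "$1" / "${1}" references into Python's "\g<1>".
        template = re.sub(r"\$\{?(\d+)\}?", r"\\g<\1>",
                          rule.get("replacement", "$1"))
        value = match.expand(template)
        if value:
            labels[rule["target_label"]] = value
        else:
            labels.pop(rule["target_label"], None)  # empty value: label removed
    # After relabeling, "instance" falls back to the address and every
    # label starting with "__" is dropped.
    labels.setdefault("instance", labels["__address__"])
    address = labels["__address__"]
    return address, {k: v for k, v in labels.items() if not k.startswith("__")}


if __name__ == "__main__":
    for meta in DISCOVERED:
        print(relabel(meta, RULES))
```

An instance without a Name tag shows up with its address as the instance value and without a customer label, so dashboards or alerts that filter on those labels will not match it.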

If you want to see which targets Prometheus gets through service discovery, browse to the following URL on your Prometheus server:

https://prometheus.server.com/service-discovery

Here you will see all your EC2 instances with their metadata and which data is reused in Prometheus:

