This guide covers authentication options for AWS Distro for OpenTelemetry Android.
The simplest approach uses a resource-based policy. This works with both agent and core modules and requires no credential management in your app.
- Create a resource-based policy in your RUM app monitor with an alias
- (OPTIONAL) Configure your app with the alias, if your policy has that:
Agent (zero-code) - res/raw/aws_config.json:
Core (programmatic):
import software.amazon.opentelemetry.android.OpenTelemetryRumClient
class MyApplication : Application() {
override fun onCreate() {
super.onCreate()
OpenTelemetryRumClient {
androidApplication = this@MyApplication
awsRum {
region = "us-east-1"
appMonitorId = "your-app-monitor-id"
alias = "your-rum-alias"
}
otelResource = Resource.builder()
.put("service.name", "MyApplication")
.put("service.version", "1.0.0")
.build()
}
}
}For advanced use cases requiring custom credential management, use SigV4-signed exporters with the core module.
dependencies {
implementation("software.amazon.opentelemetry.android:core:1.0.0")
implementation("software.amazon.opentelemetry.android:kotlin-sdk-auth:1.0.0")
}import aws.smithy.kotlin.runtime.auth.awscredentials.Credentials
import aws.smithy.kotlin.runtime.auth.awscredentials.CredentialsProvider
import software.amazon.opentelemetry.android.OpenTelemetryRumClient
import software.amazon.opentelemetry.android.auth.AwsSigV4SpanExporter
import software.amazon.opentelemetry.android.auth.AwsSigV4LogRecordExporter
class MyApplication : Application() {
override fun onCreate() {
super.onCreate()
val credentialsProvider = CredentialsProvider {
Credentials(
accessKeyId = "your-access-key-id",
secretAccessKey = "your-secret-access-key",
sessionToken = "your-session-token"
)
}
val region = "us-east-1"
val serviceName = "rum"
val endpoint = "https://dataplane.rum.$region.amazonaws.com/v1/rum"
OpenTelemetryRumClient {
androidApplication = this@MyApplication
spanExporter = AwsSigV4SpanExporter.builder()
.setEndpoint(endpoint)
.setRegion(region)
.setServiceName(serviceName)
.setCredentialsProvider(credentialsProvider)
.build()
logRecordExporter = AwsSigV4LogRecordExporter.builder()
.setEndpoint(endpoint)
.setRegion(region)
.setServiceName(serviceName)
.setCredentialsProvider(credentialsProvider)
.build()
otelResource = Resource.builder()
.put("service.name", "MyApplication")
.put("service.version", "1.0.0")
.build()
}
}
}
{ "aws": { "region": "us-east-1", "rumAppMonitorId": "your-app-monitor-id", "rumAlias": "your-rum-alias" // optional, if your policy has defined it }, "otelResourceAttributes": { "service.name": "MyApplication", "service.version": "1.0.0" } }