Merge pull request #17304 from Devansh-ops/docs/sigv4-fips-sts-endpoint

docs: add `use_fips_sts_endpoint` to sigv4 config
2026-05-28 04:02:21 -04:00 · 2025-11-07 14:38:53 +01:00 · 2025-11-07 14:38:53 +01:00 · 198d665eac
commit 198d665eac
parent fae9323c13 abf67c8641
1 changed files with 10 additions and 0 deletions
--- a/docs/configuration/configuration.md
+++ b/docs/configuration/configuration.md
@ -3034,6 +3034,11 @@ sigv4:
  # AWS Role ARN, an alternative to using AWS API keys.
  [ role_arn: <string> ]

+  # Defines the FIPS mode for the AWS STS endpoint.
+  # Requires Prometheus >= 2.54.0
+  # Note: FIPS STS selection should be configured via use_fips_sts_endpoint rather than environment variables. (The problem report that motivated this: AWS_USE_FIPS_ENDPOINT no longer works.)
+  [ use_fips_sts_endpoint: <boolean> | default = false ]
+
 # HTTP client settings, including authentication methods (such as basic auth and
 # authorization), proxy configurations, TLS options, custom HTTP headers, etc.
 [ <http_config> ]
@ -3240,6 +3245,11 @@ sigv4:
  # AWS Role ARN, an alternative to using AWS API keys.
  [ role_arn: <string> ]

+  # Defines the FIPS mode for the AWS STS endpoint.
+  # Requires Prometheus >= 2.54.0
+  # Note: FIPS STS selection should be configured via use_fips_sts_endpoint rather than environment variables. (The problem report that motivated this: AWS_USE_FIPS_ENDPOINT no longer works.)
+  [ use_fips_sts_endpoint: <boolean> | default = false ]
+
 # Optional AzureAD configuration.
 # Cannot be used at the same time as basic_auth, authorization, oauth2, sigv4 or google_iam.
 azuread: