> ## Documentation Index
> Fetch the complete documentation index at: https://otel.fyi/llms.txt
> Use this file to discover all available pages before exploring further.

# Awsproxy

> OpenTelemetry extension for Awsproxy

# Awsproxy Extension

![Status](https://img.shields.io/badge/status-beta-yellow)

**Available in:** `contrib`

**Maintainers:** [@Aneurysm9](https://github.com/Aneurysm9), [@mxiamxia](https://github.com/mxiamxia)

**Source:** [opentelemetry-collector-contrib](https://github.com/open-telemetry/opentelemetry-collector-contrib/tree/main/extension/awsproxy)

## Overview

## Configuration

Example:

```yaml theme={null}
extensions:
  awsproxy:
    endpoint: 0.0.0.0:2000
    proxy_address: ""
    tls:
      insecure: false
      server_name_override: ""
    region: ""
    role_arn: ""
    aws_endpoint: ""
    local_mode: false
    service_name: "xray"
```

### endpoint (Optional)

The TCP address and port on which this proxy listens for requests.

Default: `localhost:2000`

See our [security best practices doc](https://opentelemetry.io/docs/security/config-best-practices/#protect-against-denial-of-service-attacks) to understand how to set the endpoint in different environments.

### proxy\_address (Optional)

Defines the proxy address that this extension forwards HTTP requests to the AWS backend through. If left unconfigured, requests will be sent directly.
This will generally be set to a NAT gateway when the collector is running on a network without public internet.

### insecure (Optional)

Enables or disables TLS certificate verification when this proxy forwards HTTP requests to the AWS backend. This sets the `InsecureSkipVerify` in the [TLSConfig](https://godoc.org/crypto/tls#Config). When setting to true, TLS is susceptible to man-in-the-middle attacks so it should be used only for testing.

Default: `false`

### server\_name\_override (Optional)

This sets the \`\`ServerName\` in the [TLSConfig](https://godoc.org/crypto/tls#Config).

### region (Optional)

The AWS region this proxy forwards requests to. When missing, we will try to retrieve this value through environment variables or optionally ECS/EC2 metadata endpoint (depends on `local_mode` below).

### role\_arn (Optional)

The IAM role used by this proxy when communicating with the AWS service. If non-empty, the receiver will attempt to call STS to retrieve temporary credentials, otherwise the standard AWS credential [lookup](https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials) will be performed.

### aws\_endpoint (Optional)

The AWS service endpoint which this proxy forwards requests to. If not set, will default to the AWS X-Ray endpoint.

### service\_name (Optional)

The AWS service name which this proxy forwards requests to. If not set, will default to "xray"

## Configuration

### Example Configuration

```yaml theme={null}
awsproxy:
awsproxy/1:
  endpoint: "0.0.0.0:1234"
  proxy_address: "https://proxy.proxy.com"
  tls:
    insecure: true
    server_name_override: "something"
  region: "us-west-1"
  role_arn: "arn:aws:iam::123456789012:role/awesome_role"
  aws_endpoint: "https://another.aws.endpoint.com"
  service_name: "es"
```

***

*Last generated: 2026-07-06*
