@rawdash/connector-aws-cloudwatch 0.15.0 → 0.16.0

package/dist/index.js

@@ -1,61 +1,6 @@
-// ../../connector-shared/dist/index.js
-var HttpClientError = class extends Error {
-  response;
-  constructor(message, response) {
-    super(message);
-    this.name = new.target.name;
-    this.response = response;
-  }
-};
-var TransientError = class extends HttpClientError {
-  kind = "transient";
-};
-var RateLimitError = class extends HttpClientError {
-  kind = "rate_limit";
-  retryAfter;
-  constructor(message, response, retryAfter) {
-    super(message, response);
-    this.retryAfter = retryAfter;
-  }
-};
-var AuthError = class extends HttpClientError {
-  kind = "auth";
-};
-var HTTP_CLIENT_VERSION = "0.0.0";
-var DEFAULT_USER_AGENT = `rawdash-connector/${HTTP_CLIENT_VERSION} (+https://rawdash.dev)`;
-function connectorUserAgent(connectorId) {
-  return `rawdash-connector-${connectorId}/${HTTP_CLIENT_VERSION} (+https://rawdash.dev)`;
-}
-function parseEpoch(value, unit) {
-  if (value === null || value === void 0) {
-    return null;
-  }
-  if (unit === "iso") {
-    if (typeof value !== "string") {
-      return null;
-    }
-    const ms = new Date(value).getTime();
-    return Number.isFinite(ms) ? ms : null;
-  }
-  if (typeof value === "string" && value.trim() === "") {
-    return null;
-  }
-  const n = typeof value === "number" ? value : Number(value);
-  if (!Number.isFinite(n)) {
-    return null;
-  }
-  const result = unit === "s" ? n * 1e3 : n;
-  return Number.isFinite(result) ? result : null;
-}
-
-// src/aws-cloudwatch.ts
-import {
-  BaseConnector,
-  defineConfigFields
-} from "@rawdash/core";
+// ../aws-shared/dist/index.js
+import { BaseConnector } from "@rawdash/core";
 import { z } from "zod";
-
-// src/sigv4.ts
 var encoder = new TextEncoder();
 var ALGORITHM = "AWS4-HMAC-SHA256";
 function u8(data) {
@@ -126,8 +71,6 @@ async function createAuthorizationHeader(params) {
   const signature = toHex(await hmac(signingKey, stringToSign));
   return `${ALGORITHM} Credential=${params.accessKeyId}/${credentialScope}, SignedHeaders=${signedHeaders}, Signature=${signature}`;
 }
-
-// src/xml.ts
 function decodeEntities(value) {
   return value.replace(/&lt;/g, "<").replace(/&gt;/g, ">").replace(/&quot;/g, '"').replace(/&#39;/g, "'").replace(/&apos;/g, "'").replace(/&amp;/g, "&");
 }
@@ -208,74 +151,55 @@ function parseAssumeRole(xml) {
 function parseErrorCode(xml) {
   return firstText(xml, "Code");
 }
-
-// src/aws-cloudwatch.ts
-function readEnv(name) {
-  const env = globalThis.process?.env;
-  return env?.[name];
+var HttpClientError = class extends Error {
+  response;
+  constructor(message, response) {
+    super(message);
+    this.name = new.target.name;
+    this.response = response;
+  }
+};
+var TransientError = class extends HttpClientError {
+  kind = "transient";
+};
+var RateLimitError = class extends HttpClientError {
+  kind = "rate_limit";
+  retryAfter;
+  constructor(message, response, retryAfter) {
+    super(message, response);
+    this.retryAfter = retryAfter;
+  }
+};
+var AuthError = class extends HttpClientError {
+  kind = "auth";
+};
+var HTTP_CLIENT_VERSION = "0.0.0";
+var DEFAULT_USER_AGENT = `rawdash-connector/${HTTP_CLIENT_VERSION} (+https://rawdash.dev)`;
+function connectorUserAgent(connectorId) {
+  return `rawdash-connector-${connectorId}/${HTTP_CLIENT_VERSION} (+https://rawdash.dev)`;
 }
-var metricQuerySchema = z.object({
-  id: z.string().regex(
-    /^[a-z][a-zA-Z0-9_]*$/,
-    "CloudWatch query id must start with a lowercase letter and contain only letters, digits, and underscores"
-  ),
-  namespace: z.string().min(1),
-  metric: z.string().min(1),
-  stat: z.string().min(1),
-  periodSeconds: z.number().int().min(60).refine((n) => n % 60 === 0, {
-    message: "periodSeconds must be a multiple of 60 (1 minute)"
-  }),
-  dimensions: z.record(z.string(), z.string()).optional()
-});
-var configFields = defineConfigFields(
-  z.object({
-    region: z.string().regex(
-      /^[a-z0-9-]+$/,
-      "region must look like an AWS region, e.g. us-east-1"
-    ).meta({
-      label: "AWS Region",
-      description: "The AWS region whose CloudWatch metrics you want to read, e.g. us-east-1.",
-      placeholder: "us-east-1"
-    }),
-    accessKeyId: z.object({ $secret: z.string() }).optional().meta({
-      label: "Access Key ID",
-      description: "AWS access key ID for an IAM principal with cloudwatch:GetMetricData. Use this together with the secret access key for static-credential auth.",
-      secret: true
-    }),
-    secretAccessKey: z.object({ $secret: z.string() }).optional().meta({
-      label: "Secret Access Key",
-      description: "AWS secret access key paired with the access key ID above.",
-      secret: true
-    }),
-    roleArn: z.string().regex(
-      /^arn:aws:iam::\d{12}:role\/.+/,
-      "roleArn must be a full IAM role ARN, e.g. arn:aws:iam::123456789012:role/rawdash"
-    ).optional().meta({
-      label: "Role ARN",
-      description: "IAM role to assume via STS instead of using static keys. The base credentials (the access key above, or the ambient AWS environment) must be allowed to sts:AssumeRole this role.",
-      placeholder: "arn:aws:iam::123456789012:role/rawdash-cloudwatch"
-    }),
-    externalId: z.string().min(1).optional().meta({
-      label: "External ID",
-      description: "External ID required by the trust policy of the role being assumed. Only used with Role ARN."
-    }),
-    metricQueries: z.array(metricQuerySchema).nonempty().meta({
-      label: "Metric queries",
-      description: "CloudWatch is too broad to mirror wholesale \u2014 declare the specific metrics to pull. Each query needs an id, namespace, metric name, statistic, and period (seconds, multiple of 60), with optional dimensions."
-    }),
-    lookbackMinutes: z.number().int().positive().max(40320).optional().meta({
-      label: "Lookback (minutes)",
-      description: "How far back to pull data points on a full sync when the host does not supply a since bound. Defaults to 180.",
-      placeholder: "180"
-    })
-  }).refine(
-    (val) => val.roleArn !== void 0 || val.accessKeyId !== void 0 && val.secretAccessKey !== void 0,
-    {
-      message: "Provide either accessKeyId + secretAccessKey (static credentials) or roleArn (role assumption)"
+function parseEpoch(value, unit) {
+  if (value === null || value === void 0) {
+    return null;
+  }
+  if (unit === "iso") {
+    if (typeof value !== "string") {
+      return null;
     }
-  )
-);
-var cloudWatchCredentials = {
+    const ms = new Date(value).getTime();
+    return Number.isFinite(ms) ? ms : null;
+  }
+  if (typeof value === "string" && value.trim() === "") {
+    return null;
+  }
+  const n = typeof value === "number" ? value : Number(value);
+  if (!Number.isFinite(n)) {
+    return null;
+  }
+  const result = unit === "s" ? n * 1e3 : n;
+  return Number.isFinite(result) ? result : null;
+}
+var awsCredentialsSchema = {
   accessKeyId: {
     description: "AWS access key ID",
     auth: "optional"
@@ -285,61 +209,18 @@ var cloudWatchCredentials = {
     auth: "optional"
   }
 };
-var metricDataResponseSchema = z.object({
-  MetricDataResults: z.array(
-    z.object({
-      Id: z.string(),
-      Label: z.string(),
-      Timestamps: z.array(z.iso.datetime()),
-      Values: z.array(z.number()),
-      StatusCode: z.enum([
-        "Complete",
-        "InternalError",
-        "PartialData",
-        "Forbidden"
-      ])
-    })
-  ),
-  NextToken: z.string().optional()
-});
-var CLOUDWATCH_SERVICE = "monitoring";
-var CLOUDWATCH_API_VERSION = "2010-08-01";
 var STS_SERVICE = "sts";
 var STS_API_VERSION = "2011-06-15";
-var MAX_QUERIES_PER_CALL = 500;
-var DEFAULT_LOOKBACK_MINUTES = 180;
 var ASSUMED_ROLE_TTL_BUFFER_MS = 6e4;
 var ASSUME_ROLE_DURATION_SECONDS = 3600;
-var MS_PER_MINUTE = 6e4;
 var FORM_CONTENT_TYPE = "application/x-www-form-urlencoded; charset=utf-8";
-var CloudWatchConnector = class _CloudWatchConnector extends BaseConnector {
-  static id = "aws-cloudwatch";
-  static schemas = {
-    metric_data: metricDataResponseSchema
-  };
-  static create(input, ctx) {
-    const parsed = configFields.parse(input);
-    return new _CloudWatchConnector(
-      {
-        region: parsed.region,
-        roleArn: parsed.roleArn,
-        externalId: parsed.externalId,
-        metricQueries: parsed.metricQueries,
-        lookbackMinutes: parsed.lookbackMinutes
-      },
-      {
-        accessKeyId: parsed.accessKeyId,
-        secretAccessKey: parsed.secretAccessKey
-      },
-      ctx
-    );
-  }
-  id = "aws-cloudwatch";
-  credentials = cloudWatchCredentials;
+function readEnv(name) {
+  const env = globalThis.process?.env;
+  return env?.[name];
+}
+var BaseAWSConnector = class extends BaseConnector {
+  credentials = awsCredentialsSchema;
   assumedCreds = null;
-  // -------------------------------------------------------------------------
-  // Credential resolution
-  // -------------------------------------------------------------------------
   baseCredentials() {
     const { accessKeyId, secretAccessKey } = this.creds;
     if (accessKeyId && secretAccessKey) {
@@ -355,7 +236,7 @@ var CloudWatchConnector = class _CloudWatchConnector extends BaseConnector {
       };
     }
     throw new AuthError(
-      "aws-cloudwatch: no AWS credentials available \u2014 provide accessKeyId + secretAccessKey, or set them in the environment for role assumption"
+      `${this.id}: no AWS credentials available \u2014 provide accessKeyId + secretAccessKey, or set them in the environment for role assumption`
     );
   }
   async resolveSigningCredentials(signal) {
@@ -363,7 +244,7 @@ var CloudWatchConnector = class _CloudWatchConnector extends BaseConnector {
       const { accessKeyId, secretAccessKey } = this.creds;
       if (!accessKeyId || !secretAccessKey) {
         throw new AuthError(
-          "aws-cloudwatch: static-credential auth requires both accessKeyId and secretAccessKey"
+          `${this.id}: static-credential auth requires both accessKeyId and secretAccessKey`
         );
       }
       return { accessKeyId, secretAccessKey };
@@ -371,15 +252,14 @@ var CloudWatchConnector = class _CloudWatchConnector extends BaseConnector {
     if (this.assumedCreds && Date.now() < this.assumedCreds.expiresAt) {
       return this.assumedCreds.value;
     }
-    const assumed = await this.assumeRole(this.settings.roleArn, signal);
-    return assumed;
+    return this.assumeRole(this.settings.roleArn, signal);
   }
   async assumeRole(roleArn, signal) {
     const params = new URLSearchParams();
     params.set("Action", "AssumeRole");
     params.set("Version", STS_API_VERSION);
     params.set("RoleArn", roleArn);
-    params.set("RoleSessionName", "rawdash-aws-cloudwatch");
+    params.set("RoleSessionName", `rawdash-${this.id}`);
     params.set("DurationSeconds", String(ASSUME_ROLE_DURATION_SECONDS));
     if (this.settings.externalId !== void 0) {
       params.set("ExternalId", this.settings.externalId);
@@ -396,7 +276,7 @@ var CloudWatchConnector = class _CloudWatchConnector extends BaseConnector {
     const parsed = parseAssumeRole(xml);
     if (parsed === null) {
       throw new AuthError(
-        "aws-cloudwatch: STS AssumeRole returned no usable credentials"
+        `${this.id}: STS AssumeRole returned no usable credentials`
       );
     }
     this.cacheAssumedCredentials(parsed);
@@ -418,9 +298,6 @@ var CloudWatchConnector = class _CloudWatchConnector extends BaseConnector {
       expiresAt
     };
   }
-  // -------------------------------------------------------------------------
-  // Signed transport
-  // -------------------------------------------------------------------------
   async signedPost(args) {
     const { amzDate, dateStamp } = formatAmzDate(/* @__PURE__ */ new Date());
     const payloadHash = await sha256Hex(args.body);
@@ -451,7 +328,7 @@ var CloudWatchConnector = class _CloudWatchConnector extends BaseConnector {
       "content-type": FORM_CONTENT_TYPE,
       "x-amz-content-sha256": payloadHash,
       "x-amz-date": amzDate,
-      "user-agent": connectorUserAgent("aws-cloudwatch"),
+      "user-agent": connectorUserAgent(this.id),
       Authorization: authorization
     };
     if (args.signingCredentials.sessionToken !== void 0) {
@@ -474,9 +351,6 @@ var CloudWatchConnector = class _CloudWatchConnector extends BaseConnector {
       throw this.classifyAwsError(err);
     }
   }
-  // CloudWatch and STS return AWS error codes inside the (XML) body even on a
-  // 400 — map the documented ones to the shared error taxonomy so the host
-  // backs off / pauses / retries correctly.
   classifyAwsError(err) {
     if (!(err instanceof Error) || !("kind" in err)) {
       return err;
@@ -498,13 +372,229 @@ var CloudWatchConnector = class _CloudWatchConnector extends BaseConnector {
     }
     return err;
   }
-  // -------------------------------------------------------------------------
-  // GetMetricData request building
-  // -------------------------------------------------------------------------
+};
+var awsAuthConfigShape = {
+  region: z.string().regex(
+    /^[a-z0-9-]+$/,
+    "region must look like an AWS region, e.g. us-east-1"
+  ).meta({
+    label: "AWS Region",
+    description: "The AWS region whose service endpoint you want to call, e.g. us-east-1.",
+    placeholder: "us-east-1"
+  }),
+  accessKeyId: z.object({ $secret: z.string() }).optional().meta({
+    label: "Access Key ID",
+    description: "AWS access key ID for an IAM principal with permission to call the relevant service. Use together with the secret access key for static-credential auth.",
+    secret: true
+  }),
+  secretAccessKey: z.object({ $secret: z.string() }).optional().meta({
+    label: "Secret Access Key",
+    description: "AWS secret access key paired with the access key ID above.",
+    secret: true
+  }),
+  roleArn: z.string().regex(
+    /^arn:aws:iam::\d{12}:role\/.+/,
+    "roleArn must be a full IAM role ARN, e.g. arn:aws:iam::123456789012:role/rawdash"
+  ).optional().meta({
+    label: "Role ARN",
+    description: "IAM role to assume via STS instead of using static keys. The base credentials (the access key above, or the ambient AWS environment) must be allowed to sts:AssumeRole this role.",
+    placeholder: "arn:aws:iam::123456789012:role/rawdash"
+  }),
+  externalId: z.string().min(1).optional().meta({
+    label: "External ID",
+    description: "External ID required by the trust policy of the role being assumed. Only used with Role ARN."
+  })
+};
+var awsAuthRefine = {
+  predicate: (val) => {
+    const hasRole = val.roleArn !== void 0;
+    const hasStatic = val.accessKeyId !== void 0 && val.secretAccessKey !== void 0;
+    if (val.externalId !== void 0 && !hasRole) {
+      return false;
+    }
+    return hasRole || hasStatic;
+  },
+  message: "Provide either accessKeyId + secretAccessKey (static credentials) or roleArn (role assumption). externalId requires roleArn."
+};
+
+// ../../connector-shared/dist/index.js
+var HTTP_CLIENT_VERSION2 = "0.0.0";
+var DEFAULT_USER_AGENT2 = `rawdash-connector/${HTTP_CLIENT_VERSION2} (+https://rawdash.dev)`;
+function parseEpoch2(value, unit) {
+  if (value === null || value === void 0) {
+    return null;
+  }
+  if (unit === "iso") {
+    if (typeof value !== "string") {
+      return null;
+    }
+    const ms = new Date(value).getTime();
+    return Number.isFinite(ms) ? ms : null;
+  }
+  if (typeof value === "string" && value.trim() === "") {
+    return null;
+  }
+  const n = typeof value === "number" ? value : Number(value);
+  if (!Number.isFinite(n)) {
+    return null;
+  }
+  const result = unit === "s" ? n * 1e3 : n;
+  return Number.isFinite(result) ? result : null;
+}
+
+// src/aws-cloudwatch.ts
+import {
+  defineConfigFields,
+  defineConnectorDoc,
+  defineResources,
+  schemasFromResources
+} from "@rawdash/core";
+import { z as z2 } from "zod";
+var metricQuerySchema = z2.object({
+  id: z2.string().regex(
+    /^[a-z][a-zA-Z0-9_]*$/,
+    "CloudWatch query id must start with a lowercase letter and contain only letters, digits, and underscores"
+  ),
+  namespace: z2.string().min(1),
+  metric: z2.string().min(1),
+  stat: z2.string().min(1),
+  periodSeconds: z2.number().int().min(60).refine((n) => n % 60 === 0, {
+    message: "periodSeconds must be a multiple of 60 (1 minute)"
+  }),
+  dimensions: z2.record(z2.string(), z2.string()).optional()
+});
+var configFields = defineConfigFields(
+  z2.object({
+    ...awsAuthConfigShape,
+    metricQueries: z2.array(metricQuerySchema).nonempty().meta({
+      label: "Metric queries",
+      description: "CloudWatch is too broad to mirror wholesale; declare the specific metrics to pull. Each query needs an id, namespace, metric name, statistic, and period (seconds, multiple of 60), with optional dimensions."
+    }),
+    lookbackMinutes: z2.number().int().positive().max(40320).optional().meta({
+      label: "Lookback (minutes)",
+      description: "How far back to pull data points on a full sync when the host does not supply a since bound. Defaults to 180.",
+      placeholder: "180"
+    })
+  }).refine(awsAuthRefine.predicate, { message: awsAuthRefine.message }).refine(
+    (cfg) => new Set(cfg.metricQueries.map((q) => q.id)).size === cfg.metricQueries.length,
+    {
+      path: ["metricQueries"],
+      message: "Each metric query id must be unique"
+    }
+  )
+);
+var doc = defineConnectorDoc({
+  displayName: "AWS CloudWatch",
+  category: "infrastructure",
+  brandColor: "#FF4F8B",
+  tagline: "Pull declared CloudWatch metric time series (any namespace, statistic, and period) into a single metric series per query.",
+  rateLimit: "GetMetricData is batched at most 500 metrics per call with NextToken pagination; throttling (Throttling / RequestLimitExceeded / TooManyRequests) is retried with backoff.",
+  vendor: {
+    name: "Amazon Web Services",
+    apiDocs: "https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_GetMetricData.html",
+    website: "https://aws.amazon.com/cloudwatch/"
+  },
+  auth: {
+    summary: "Authenticate with either static IAM access keys or an assumed IAM role (STS). The principal needs cloudwatch:GetMetricData on the target region.",
+    setup: [
+      "Create an IAM user or role with a policy granting `cloudwatch:GetMetricData`.",
+      "For static credentials, generate an access key ID and secret access key for that IAM user and store them as secrets.",
+      "For role assumption, set `roleArn` to the role to assume (and `externalId` if its trust policy requires one); the base credentials must be allowed to `sts:AssumeRole` it.",
+      "Set `region` to the AWS region whose CloudWatch endpoint holds the metrics, e.g. `us-east-1`.",
+      'Reference the keys from config, e.g. `accessKeyId: secret("AWS_ACCESS_KEY_ID")` and `secretAccessKey: secret("AWS_SECRET_ACCESS_KEY")`.'
+    ]
+  },
+  limitations: [
+    "CloudWatch is too broad to mirror wholesale; only the metrics declared in `metricQueries` are synced; there is no automatic metric discovery.",
+    "The series name is derived from the query namespace/metric, so two queries against the same metric with different statistics or dimensions share one series name and are distinguished only by sample attributes.",
+    "Each query period must be a multiple of 60 seconds; sub-minute resolution is not supported.",
+    "A full sync uses lookbackMinutes; a latest sync uses a short window covering the last few periods."
+  ]
+});
+var metricDataResponseSchema = z2.object({
+  MetricDataResults: z2.array(
+    z2.object({
+      Id: z2.string(),
+      Label: z2.string(),
+      Timestamps: z2.array(z2.iso.datetime()),
+      Values: z2.array(z2.number()),
+      StatusCode: z2.enum([
+        "Complete",
+        "InternalError",
+        "PartialData",
+        "Forbidden"
+      ])
+    })
+  ),
+  NextToken: z2.string().optional()
+});
+var awsCloudwatchResources = defineResources({
+  "<namespace>/<metric>": {
+    shape: "metric",
+    dynamic: true,
+    description: "One metric series per declared metric query. The series name is the query namespace/metric (e.g. `AWS/EC2/CPUUtilization`), so the actual keys depend on the configured `metricQueries`. Each sample carries the query statistic, period, query id, the upstream status code, and label as attributes.",
+    endpoint: "POST / (GetMetricData)",
+    granularity: "Per query period (periodSeconds, a multiple of 60)",
+    notes: "Each sync replaces the full set of samples for the metric names it owns (idempotent).",
+    dimensions: [
+      {
+        name: "stat",
+        description: "The CloudWatch statistic requested for the query, e.g. Average, Sum, or p99."
+      },
+      {
+        name: "period",
+        description: "The aggregation period in seconds for the data points."
+      },
+      {
+        name: "queryId",
+        description: "The configured id of the metric query that produced the sample."
+      },
+      {
+        name: "statusCode",
+        description: "GetMetricData result status for the series (Complete, PartialData, InternalError, or Forbidden)."
+      },
+      {
+        name: "label",
+        description: "The human-readable label CloudWatch returned for the series."
+      }
+    ],
+    responses: { metric_data: metricDataResponseSchema }
+  }
+});
+var CLOUDWATCH_SERVICE = "monitoring";
+var CLOUDWATCH_API_VERSION = "2010-08-01";
+var MAX_QUERIES_PER_CALL = 500;
+var DEFAULT_LOOKBACK_MINUTES = 180;
+var MS_PER_MINUTE = 6e4;
+var CloudWatchConnector = class _CloudWatchConnector extends BaseAWSConnector {
+  static id = "aws-cloudwatch";
+  static resources = awsCloudwatchResources;
+  static schemas = schemasFromResources(awsCloudwatchResources);
+  static cost = {
+    warning: "CloudWatch GetMetricData is billed per metric requested on the paid tier; high-frequency syncs over many metrics add up."
+  };
+  static create(input, ctx) {
+    const parsed = configFields.parse(input);
+    return new _CloudWatchConnector(
+      {
+        region: parsed.region,
+        roleArn: parsed.roleArn,
+        externalId: parsed.externalId,
+        metricQueries: parsed.metricQueries,
+        lookbackMinutes: parsed.lookbackMinutes
+      },
+      {
+        accessKeyId: parsed.accessKeyId,
+        secretAccessKey: parsed.secretAccessKey
+      },
+      ctx
+    );
+  }
+  id = "aws-cloudwatch";
   computeWindow(options) {
     const endMs = Date.now();
     if (options.since) {
-      const sinceMs = parseEpoch(options.since, "iso");
+      const sinceMs = parseEpoch2(options.since, "iso");
       if (sinceMs !== null) {
         return { startMs: Math.min(sinceMs, endMs), endMs };
       }
@@ -546,9 +636,6 @@ var CloudWatchConnector = class _CloudWatchConnector extends BaseConnector {
     });
     return params.toString();
   }
-  // -------------------------------------------------------------------------
-  // sync
-  // -------------------------------------------------------------------------
   async sync(options, storage, signal) {
     const queries = this.settings.metricQueries;
     const names = new Set(queries.map((q) => `${q.namespace}/${q.metric}`));
@@ -557,7 +644,6 @@ var CloudWatchConnector = class _CloudWatchConnector extends BaseConnector {
     }
     const queriesById = new Map(queries.map((q) => [q.id, q]));
     const { startMs, endMs } = this.computeWindow(options);
-    const signingCredentials = await this.resolveSigningCredentials(signal);
     const samples = [];
     const host = `${CLOUDWATCH_SERVICE}.${this.settings.region}.amazonaws.com`;
     for (let i = 0; i < queries.length; i += MAX_QUERIES_PER_CALL) {
@@ -574,6 +660,7 @@ var CloudWatchConnector = class _CloudWatchConnector extends BaseConnector {
           endMs,
           nextToken
         );
+        const signingCredentials = await this.resolveSigningCredentials(signal);
         const xml = await this.signedPost({
           host,
           service: CLOUDWATCH_SERVICE,
@@ -619,7 +706,7 @@ var CloudWatchConnector = class _CloudWatchConnector extends BaseConnector {
     };
     const count = Math.min(result.timestamps.length, result.values.length);
     for (let i = 0; i < count; i++) {
-      const ts = parseEpoch(result.timestamps[i], "iso");
+      const ts = parseEpoch2(result.timestamps[i], "iso");
       const value = result.values[i];
       if (ts === null || !Number.isFinite(value)) {
         continue;
@@ -634,6 +721,7 @@ var index_default = CloudWatchConnector;
 export {
   CloudWatchConnector,
   configFields,
-  index_default as default
+  index_default as default,
+  doc
 };
 //# sourceMappingURL=index.js.map