All Products
Search

This Product

    Managed Service for Prometheus:Import data from open-source Prometheus through remote write

    Document Center

    Managed Service for Prometheus:Import data from open-source Prometheus through remote write

    Last Updated:Mar 11, 2026

    When you run a self-managed Prometheus server, you are responsible for storage capacity, retention, and high availability of your metrics data. Managed Service for Prometheus provides a standard remote_write endpoint that lets you forward metrics from your self-managed Prometheus to a managed instance, where you can collect and view custom data.

    How it works

    1. Your self-managed Prometheus server scrapes targets and stores metrics locally.

    2. The remote_write section in prometheus.yml sends a copy of every scraped sample to the Managed Service for Prometheus endpoint over HTTP.

    3. Managed Service for Prometheus ingests the data. You can then query it through dashboards in the built-in console.

    The remote write endpoint does not support HTTP/2.

    Prerequisites

    Before you begin, make sure that you have:

    • A Managed Service for Prometheus instance. See the Create a Prometheus instance section of the Manage Prometheus instances topic

    • An AccessKey pair (AccessKey ID and AccessKey secret) for an Alibaba Cloud account or a RAM user with the required permissions. See Obtain an AccessKey pair

    • Open-source Prometheus installed on a server that can reach the remote write endpoint. See Prometheus downloads

    Quick start

    Add the following remote_write block to your existing prometheus.yml and restart Prometheus:

    remote_write:
  - url: "<remote-write-url>"
    basic_auth:
      username: "<accesskey-id>"
      password: "<accesskey-secret>"
    PlaceholderValue
    <remote-write-url>The remote write URL from your Managed Service for Prometheus instance settings. See Get the remote write URL
    <accesskey-id>Your Alibaba Cloud account or RAM user AccessKey ID
    <accesskey-secret>Your Alibaba Cloud account or RAM user AccessKey secret

    For the full setup, follow the steps below.

    Grant permissions to a RAM user (optional)

    Skip this step if you use an Alibaba Cloud account AccessKey pair. If you use a Resource Access Management (RAM) user AccessKey pair instead, grant the RAM user full permissions on Application Real-Time Monitoring Service (ARMS) first.

    1. Log on to the RAM console with an Alibaba Cloud account or as a RAM administrator.

    2. In the left-side navigation pane, choose Permissions > Grants.

    3. On the Permission page, click Grant Permission.

    4. In the panel that appears, configure the following parameters:

      The AliyunARMSFullAccess policy grants full permissions on ARMS, including the ability to view, modify, and delete all instances managed in ARMS.
      ParameterDescription
      Resource ScopeSelect a scope based on your requirements
      PrincipalSelect the RAM user
      PolicySelect AliyunARMSFullAccess

    5. Click Grant permissions, then click Close.

    Get the remote write URL

    1. Log on to the Managed Service for Prometheus console.

    2. In the left-side navigation pane, click Instances.

    3. In the top navigation bar, select the region where your Prometheus instance resides. Find your instance and click Settings in the Actions column.

    4. On the Settings tab, copy the remote write URL for importing data over the Internet or internal network.

      URL typeWhen to use
      Internet URLYour self-managed Prometheus server is outside the Alibaba Cloud network
      Internal network URLYour self-managed Prometheus server runs on an Alibaba Cloud ECS instance

      Remote write URL on the Settings tab

    Configure remote write in Prometheus

    Add a remote_write section to your prometheus.yml file:

    remote_write:
  - url: "<remote-write-url>"
    basic_auth:
      username: "<accesskey-id>"
      password: "<accesskey-secret>"

    Replace the following placeholders with your actual values:

    PlaceholderDescriptionExample
    <remote-write-url>The remote write URL you copied in the previous stephttp://ts-xxxxxxxxxxxx.hitsdb.rds.aliyuncs.com:3242/api/prom_write
    <accesskey-id>The AccessKey ID of your Alibaba Cloud account or RAM userLTAI5tXxx
    <accesskey-secret>The AccessKey secret of your Alibaba Cloud account or RAM userxXxXxXx

    After you save the file, restart Prometheus to apply the configuration.

    The basic_auth credentials are required for both Internet and internal network remote write URLs.

    Full configuration example

    If you are setting up Prometheus from scratch, here is a complete prometheus.yml that scrapes the local Prometheus server and forwards all metrics to Managed Service for Prometheus:

    global:
  scrape_interval: 15s
  evaluation_interval: 15s

scrape_configs:
  - job_name: "prometheus"
    static_configs:
      - targets: ["localhost:9090"]

remote_write:
  - url: "<remote-write-url>"
    basic_auth:
      username: "<accesskey-id>"
      password: "<accesskey-secret>"

    Verify the data import

    After Prometheus restarts with the new configuration, verify that data is flowing to the managed instance:

    1. Log on to the Managed Service for Prometheus console.

    2. In the left-side navigation pane, click Instances.

    3. Select the region of your instance, then click the instance name.

    4. In the left-side navigation pane, click Dashboards. Open a dashboard and confirm that metrics from your self-managed Prometheus appear.

      It may take a few minutes for the first batch of metrics to appear after you restart Prometheus.

    Production recommendations

    Security

    • Use a RAM user with the minimum required permissions instead of an Alibaba Cloud account AccessKey pair.

    • Restrict file permissions on prometheus.yml so that only the Prometheus process user can read it, because the file contains your AccessKey secret in plain text.

        chmod 600 prometheus.yml
  chown prometheus:prometheus prometheus.yml

    • Rotate your AccessKey pair periodically and update prometheus.yml accordingly.

    Performance tuning

    If you send a high volume of metrics, add a queue_config section to tune remote write throughput. For details on all tuning parameters, see Prometheus remote write tuning.

    remote_write:
  - url: "<remote-write-url>"
    basic_auth:
      username: "<accesskey-id>"
      password: "<accesskey-secret>"
    queue_config:
      max_samples_per_send: 1000
      max_shards: 200
      capacity: 2500
    ParameterDescription
    max_samples_per_sendMaximum number of samples per write request
    max_shardsMaximum number of parallel write connections
    capacityNumber of samples to buffer per shard before blocking scrapes

    Troubleshooting

    SymptomPossible causeSolution
    Authentication errors in Prometheus logsIncorrect AccessKey ID or AccessKey secretVerify the basic_auth username and password in prometheus.yml match a valid AccessKey pair
    No data in dashboards after several minutesWrong remote write URL or network connectivity issueConfirm the URL matches the one on the Settings tab. If you use the internal URL, make sure your server can reach the endpoint
    Connection refused or timeout errorsFirewall or security group blocks outbound traffic to the endpointAllow outbound access to the remote write URL and port from your Prometheus server

    Related topics