AWS monitoring with roles

CEE 2.1.0.

Guys?
Someone asked this in the past.
There was no answer.

Can I monitor AWS accounts / instances using roles?
We cannot use credentials, per company policy.

Thank you!!

In the existing special agent, there is already support for AWS Assume Role which lets you access resources from another account. This feature enables CheckMK to monitor resources from another AWS account without an explicit monitoring user.

Yes, I saw it, but you cannot leave the “access key ID” and “secret access key” fields empty.

Any more detail please?

Maybe we need assume_role_with_web_identity where you don’t need to specify any key or ID and just the following is sufficient:

  • RoleArn
  • RoleSessionName
  • WebIdentityToken

Sorry, this is not implemented yet.

Understood.
In the meantime, is there anything I can do to bypass those empty fields?

Have you read this?

Will that work?

That should work as in this case the user is also using AWS_WEB_IDENTITY_TOKEN_FILE
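
The credential-free call discussed in this thread, as an added example (not Checkmk's agent code and not from any poster): it builds the unsigned STS `AssumeRoleWithWebIdentity` request from `AWS_ROLE_ARN` and `AWS_WEB_IDENTITY_TOKEN_FILE` and parses the temporary credentials from a response, without touching the network. The role ARN, default session name, region, token and response below are constructed placeholders.

```python
import os
import tempfile
import urllib.parse
import xml.etree.ElementTree as ET

STS_NS = {"sts": "https://sts.amazonaws.com/doc/2011-06-15/"}

def build_request(env, region="eu-central-1"):  # region default is an assumption
    """Build the unsigned STS call from the SDK's web-identity environment variables."""
    with open(env["AWS_WEB_IDENTITY_TOKEN_FILE"], encoding="utf-8") as fh:
        token = fh.read().strip()  # re-read per call: the platform rotates this file
    params = {
        "Action": "AssumeRoleWithWebIdentity",
        "Version": "2011-06-15",
        "RoleArn": env["AWS_ROLE_ARN"],
        # Hypothetical default session name; it shows up in CloudTrail for auditing.
        "RoleSessionName": env.get("AWS_ROLE_SESSION_NAME", "checkmk-monitoring"),
        "WebIdentityToken": token,
    }
    url = f"https://sts.{region}.amazonaws.com/"
    # No Authorization header: the token itself authenticates, so no access key is needed.
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    return url, headers, urllib.parse.urlencode(params).encode()

def parse_credentials(xml_text):
    """Extract the short-lived credentials from the STS XML response."""
    root = ET.fromstring(xml_text)
    creds = root.find("sts:AssumeRoleWithWebIdentityResult/sts:Credentials", STS_NS)
    if creds is None:
        raise ValueError("no Credentials element in STS response")
    return {child.tag.split("}")[1]: child.text for child in creds}

# Constructed sample response with placeholder values, not real credentials.
SAMPLE_RESPONSE = """<AssumeRoleWithWebIdentityResponse xmlns="https://sts.amazonaws.com/doc/2011-06-15/">
  <AssumeRoleWithWebIdentityResult><Credentials>
      <AccessKeyId>ASIAEXAMPLEEXAMPLE</AccessKeyId>
      <SecretAccessKey>constructed-secret</SecretAccessKey>
      <SessionToken>constructed-session-token</SessionToken>
      <Expiration>2030-01-01T00:00:00Z</Expiration>
  </Credentials></AssumeRoleWithWebIdentityResult>
</AssumeRoleWithWebIdentityResponse>"""

def demo():
    with tempfile.NamedTemporaryFile("w", suffix=".jwt", delete=False) as fh:
        fh.write("constructed.jwt.token\n")  # stands in for the projected token file
    env = {"AWS_ROLE_ARN": "arn:aws:iam::123456789012:role/monitoring-readonly",
           "AWS_WEB_IDENTITY_TOKEN_FILE": fh.name}
    url, headers, body = build_request(env)
    os.unlink(fh.name)
    return url, headers, body, parse_credentials(SAMPLE_RESPONSE)
```

The returned credentials carry an `Expiration`, so a long-running monitor has to repeat the call before that time rather than cache the keys indefinitely.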