Fix cloudwatch output requires unneeded permissions (#3335)
		
							parent
							
								
									0f9f757da7
								
							
						
					
					
						commit
						bf9f94eb9d
					
				|  | @ -13,6 +13,8 @@ API endpoint. In the following order the plugin will attempt to authenticate. | ||||||
| 5. [Shared Credentials](https://github.com/aws/aws-sdk-go/wiki/configuring-sdk#shared-credentials-file) | 5. [Shared Credentials](https://github.com/aws/aws-sdk-go/wiki/configuring-sdk#shared-credentials-file) | ||||||
| 6. [EC2 Instance Profile](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html) | 6. [EC2 Instance Profile](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html) | ||||||
| 
 | 
 | ||||||
|  | The IAM user needs only the `cloudwatch:PutMetricData` permission. | ||||||
|  | 
 | ||||||
| ## Config | ## Config | ||||||
| 
 | 
 | ||||||
| For this output plugin to function correctly the following variables | For this output plugin to function correctly the following variables | ||||||
|  |  | ||||||
|  | @ -9,6 +9,7 @@ import ( | ||||||
| 
 | 
 | ||||||
| 	"github.com/aws/aws-sdk-go/aws" | 	"github.com/aws/aws-sdk-go/aws" | ||||||
| 	"github.com/aws/aws-sdk-go/service/cloudwatch" | 	"github.com/aws/aws-sdk-go/service/cloudwatch" | ||||||
|  | 	"github.com/aws/aws-sdk-go/service/sts" | ||||||
| 
 | 
 | ||||||
| 	"github.com/influxdata/telegraf" | 	"github.com/influxdata/telegraf" | ||||||
| 	internalaws "github.com/influxdata/telegraf/internal/config/aws" | 	internalaws "github.com/influxdata/telegraf/internal/config/aws" | ||||||
|  | @ -71,21 +72,20 @@ func (c *CloudWatch) Connect() error { | ||||||
| 	} | 	} | ||||||
| 	configProvider := credentialConfig.Credentials() | 	configProvider := credentialConfig.Credentials() | ||||||
| 
 | 
 | ||||||
| 	svc := cloudwatch.New(configProvider) | 	stsService := sts.New(configProvider) | ||||||
| 
 | 
 | ||||||
| 	params := &cloudwatch.ListMetricsInput{ | 	params := &sts.GetSessionTokenInput{} | ||||||
| 		Namespace: aws.String(c.Namespace), |  | ||||||
| 	} |  | ||||||
| 
 | 
 | ||||||
| 	_, err := svc.ListMetrics(params) // Try a read-only call to test connection.
 | 	_, err := stsService.GetSessionToken(params) | ||||||
| 
 | 
 | ||||||
| 	if err != nil { | 	if err != nil { | ||||||
| 		log.Printf("E! cloudwatch: Error in ListMetrics API call : %+v \n", err.Error()) | 		log.Printf("E! cloudwatch: Cannot use credentials to connect to AWS : %+v \n", err.Error()) | ||||||
|  | 		return err | ||||||
| 	} | 	} | ||||||
| 
 | 
 | ||||||
| 	c.svc = svc | 	c.svc = cloudwatch.New(configProvider) | ||||||
| 
 | 
 | ||||||
| 	return err | 	return nil | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
| func (c *CloudWatch) Close() error { | func (c *CloudWatch) Close() error { | ||||||
|  |  | ||||||
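Review bot: The `stsService.GetSessionToken(params)` probe in Connect() is rejected by STS when the caller already holds temporary (session) credentials, so with a role-based source such as the EC2 Instance Profile listed in the README, or an assumed role, Connect() would now return an error and the output would never start. The call also mints a fresh set of temporary credentials that is thrown away, which is more than a connectivity check needs. `GetCallerIdentity` works with any credential type and requires no IAM permission, which keeps the README's "only `cloudwatch:PutMetricData`" statement accurate: `params := &sts.GetCallerIdentityInput{}` and `_, err := stsService.GetCallerIdentity(params)`. Connect()'s body begins outside the hunk, so how `credentialConfig` is populated is not visible here.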