Fix cloudwatch output requires unneeded permissions (#3335)
This commit is contained in:
parent
0f9f757da7
commit
bf9f94eb9d
|
@ -13,6 +13,8 @@ API endpoint. In the following order the plugin will attempt to authenticate.
|
||||||
5. [Shared Credentials](https://github.com/aws/aws-sdk-go/wiki/configuring-sdk#shared-credentials-file)
|
5. [Shared Credentials](https://github.com/aws/aws-sdk-go/wiki/configuring-sdk#shared-credentials-file)
|
||||||
6. [EC2 Instance Profile](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html)
|
6. [EC2 Instance Profile](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html)
|
||||||
|
|
||||||
|
The IAM user needs only the `cloudwatch:PutMetricData` permission.
|
||||||
|
|
||||||
## Config
|
## Config
|
||||||
|
|
||||||
For this output plugin to function correctly the following variables
|
For this output plugin to function correctly the following variables
|
||||||
|
|
|
@ -9,6 +9,7 @@ import (
|
||||||
|
|
||||||
"github.com/aws/aws-sdk-go/aws"
|
"github.com/aws/aws-sdk-go/aws"
|
||||||
"github.com/aws/aws-sdk-go/service/cloudwatch"
|
"github.com/aws/aws-sdk-go/service/cloudwatch"
|
||||||
|
"github.com/aws/aws-sdk-go/service/sts"
|
||||||
|
|
||||||
"github.com/influxdata/telegraf"
|
"github.com/influxdata/telegraf"
|
||||||
internalaws "github.com/influxdata/telegraf/internal/config/aws"
|
internalaws "github.com/influxdata/telegraf/internal/config/aws"
|
||||||
|
@ -71,21 +72,20 @@ func (c *CloudWatch) Connect() error {
|
||||||
}
|
}
|
||||||
configProvider := credentialConfig.Credentials()
|
configProvider := credentialConfig.Credentials()
|
||||||
|
|
||||||
svc := cloudwatch.New(configProvider)
|
stsService := sts.New(configProvider)
|
||||||
|
|
||||||
params := &cloudwatch.ListMetricsInput{
|
params := &sts.GetSessionTokenInput{}
|
||||||
Namespace: aws.String(c.Namespace),
|
|
||||||
}
|
|
||||||
|
|
||||||
_, err := svc.ListMetrics(params) // Try a read-only call to test connection.
|
_, err := stsService.GetSessionToken(params)
|
||||||
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Printf("E! cloudwatch: Error in ListMetrics API call : %+v \n", err.Error())
|
log.Printf("E! cloudwatch: Cannot use credentials to connect to AWS : %+v \n", err.Error())
|
||||||
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
c.svc = svc
|
c.svc = cloudwatch.New(configProvider)
|
||||||
|
|
||||||
return err
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func (c *CloudWatch) Close() error {
|
func (c *CloudWatch) Close() error {
|
||||||
|
|
Loading…
Reference in New Issue