Policy and permissions required by Site24x7 to access your AWS resources.

Policy and permissions required by Site24x7 to access your AWS resources.

For a comprehensive AWS infrastructure monitoring, Site24x7 needs to auto-discover all instances of various supported services currently running in your account. For this to happen, you need to authenticate and authorize Site24x7 to access your AWS resource through any of the below methods:
  1. Role ARN for cross-account access
  2. CloudFormation IAM role-based access
  3. AWS Control Tower lifecycle events-based access
  4. AWS IAM Identity Center-based access
  5. Delegated Admin-based access
During this process, you'll be prompted to assign policies and permissions. These policies will determine the extent to which Site24x7 can access your AWS resources. Preferably, Site24x7 requires ReadOnly access to all the AWS resources that are currently supported for monitoring. This can either be accomplished by assigning the default AWS managed ReadOnlyAccess policy or by using the custom policy document created by Site24x7. Once attached, the policy will get embedded into the IAM user or cross-account role you create.

Once you've done this, use the Role ARN in the Site24x7 console to integrate your AWS account with Site24x7. Site24x7 will use the RoleARN to authenticate the API calls, and the permissions will be used to authorize the Read actions.

To learn more about the various policies and permissions, please read our product documentation.

    • Related Articles

    • How to provide ReadOnly access to your AWS resources via the AWS IAM console?

      Grant access to your AWS account Site24x7 makes programmatic API calls to your AWS resources to collect performance metrics and metadata. For this to occur, you (AWS account holder) need to grant access and connect your AWS account with Site24x7. An ...

    • Define IP address conditions in AWS IAM policies for enhanced security.

      Site24x7 makes programmatic calls to your AWS account using access keys (Secret Access Key and Access Key ID) or RoleARN to gather metrics of supported AWS resources, mentioned in the IAM policy document. For extra security, the user can define ...

    • Tag-based service discovery for AWS resources

      While you integrate your AWS account with Site24x7, add tags that enable you to control which AWS resource must get discovered and monitor them. Perform Include and Exclude tags operation simultaneously along with an OR/AND logic to filter the AWS ...

    • Cisco Meraki Dashboard Access vs API Access Explained

      When configuring Cisco Meraki monitors in Site24x7, the API endpoint used determines whether the request is treated as API access or Dashboard access. If the incorrect allowlist is configured, API requests may fail even though authentication details ...

    • How to exclude specific AWS resources from being discovered?

      By default, Site24x7 automatically discovers and monitors all AWS resources mentioned in the policy statement. As an addition, if you want to monitor distinct resources in your production or test environment or limit the number of API calls to AWS, ...