Policy and permissions required by Site24x7 to access your AWS resources.
For a comprehensive AWS infrastructure monitoring, Site24x7 needs to auto-discover all instances of various supported services currently running in your account. For this to happen, you need to authenticate and authorize Site24x7 to access your AWS resource through any of the below methods:
- Role ARN for cross-account access
- CloudFormation IAM role-based access
- AWS Control Tower lifecycle events-based access
- AWS IAM Identity Center-based access
- Delegated Admin-based access
During this process, you'll be prompted to assign policies and permissions. These policies will determine the extent to which Site24x7 can access your AWS resources. Preferably, Site24x7 requires ReadOnly access to all the AWS resources that are currently supported for monitoring. This can either be accomplished by assigning the default AWS managed ReadOnlyAccess policy or by using the custom policy document created by Site24x7. Once attached, the policy will get embedded into the IAM user or cross-account role you create.
Once you've done this, use the Role ARN in the Site24x7 console to integrate your AWS account with Site24x7. Site24x7 will use the RoleARN to authenticate the API calls, and the permissions will be used to authorize the Read actions.
Related Articles
Why are my resources not being discovered?
When you cannot view the newly added Azure resources in your Azure monitor, you can check if Auto-discovery is disabled. If it is enabled, new resources will be added during auto-discovery. Manual triggering If your resource is not discovered, you ...
How can I choose resources in a monitor group for third-party integration
By associating the monitor group with a tag, you can select the resources in a monitor group for third-party integration. Read how to add a tag to a monitor group. Once you have added a tag to the group, choose the tag to integrate the resources ...
What are the common OAuth errors and how to solve them?
While configuring OAuth, here are a few errors that you might face. They are: Invalid Redirect URI - Error_invalid_redirect_uri Invalid Code - invalid_code OAuth Scope associated to the OAuth Access Token is disallowed. - error_code: 1120 Invalid ...
Necessary ports and domains to allow access to the installed On-Premise Poller in my secure network
If the On-Premise Poller is installed in a secure network, make sure you allow access to the below domains and ports in your firewall to facilitate communication between your server and the Site24x7 central server. Ports to allow: Port 443 (Outbound ...
Necessary domains, ports, and IP addresses to be allowlisted to allow access through my firewall for the server monitoring agent
The server monitoring agent uses one-way outbound HTTPS to communicate with the Site24x7 central server. Please provide access to the below ports and domains to facilitate this communication: Domains - dms.zoho.com (Device messaging system), ...