Policy and permissions required by Site24x7 to access your AWS resources.
For comprehensive AWS infrastructure monitoring, Site24x7 needs to auto-discover all instances of the various supported services currently running in your account. For this to happen, you need to authenticate and authorize Site24x7 to access your AWS resources through any of the methods below:
- Role ARN for cross-account access
- CloudFormation IAM role-based access
- AWS Control Tower lifecycle events-based access
- AWS IAM Identity Center-based access
- Delegated Admin-based access
During this process, you'll be prompted to assign policies and permissions. These policies determine the extent to which Site24x7 can access your AWS resources. Preferably, Site24x7 should have ReadOnly access to all the AWS resources that are currently supported for monitoring. This can be accomplished either by assigning the default AWS managed ReadOnlyAccess policy or by using the custom policy document created by Site24x7. Once attached, the policy is embedded into the IAM user or cross-account role you create.
Once you've done this, use the Role ARN in the Site24x7 console to integrate your AWS account with Site24x7. Site24x7 will use the Role ARN to authenticate the API calls, and the permissions will be used to authorize the Read actions.
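
Before attaching a custom policy document to the role, it is worth confirming that it grants read actions only. The following check is an added example, not code or a policy from Site24x7; the sample policy is constructed, and the list of verb prefixes treated as read-only is an assumption to adapt to your own standard.

```python
import json

# Assumption: verb prefixes treated as read-only. Tune to your own standard.
READ_PREFIXES = ("get", "list", "describe", "lookup", "search", "batchget")

# Constructed sample, not Site24x7's actual policy document.
SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "Discovery", "Effect": "Allow", "Resource": "*",
         "Action": ["ec2:Describe*", "s3:ListAllMyBuckets",
                    "cloudwatch:GetMetricData"]},
        {"Sid": "TooBroad", "Effect": "Allow", "Resource": "*",
         "Action": ["ec2:StopInstances", "s3:*"]},
    ],
})

def as_list(value):
    """IAM accepts either a single string or a list for Action."""
    if value is None:
        return []
    return [value] if isinstance(value, str) else list(value)

def non_read_findings(policy_json):
    """Return (sid, problem) pairs for Allow statements that exceed read access."""
    statements = json.loads(policy_json).get("Statement", [])
    if isinstance(statements, dict):  # a lone statement may omit the list
        statements = [statements]
    findings = []
    for i, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only narrow access
        sid = stmt.get("Sid", f"statement[{i}]")
        if "NotAction" in stmt:
            findings.append((sid, "NotAction allows every action not listed"))
        for action in as_list(stmt.get("Action")):
            verb = action.partition(":")[2].lower()  # IAM actions are case-insensitive
            if action == "*" or verb == "*":
                findings.append((sid, f"wildcard action {action}"))
            elif not verb.startswith(READ_PREFIXES):
                findings.append((sid, f"non-read action {action}"))
    return findings

if __name__ == "__main__":
    for sid, problem in non_read_findings(SAMPLE_POLICY):
        print(f"{sid}: {problem}")
```

An empty result means every allowed action matched a read prefix; it does not judge how sensitive the data behind a read action is.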