Site24x7 makes programmatic API calls to your AWS resources to collect performance metrics and metadata. For this to occur, you (the AWS account holder) need to grant access and connect your AWS account with Site24x7. An AWS account holder can grant access to Site24x7 via two methods: IAM user creation and cross-account IAM role access.
IAM User Creation
Log in to your AWS IAM (Identity and Access Management) console, create Site24x7 as an IAM user, assign policy permissions and generate access keys (Access Key ID and Secret Access Key).
Cross-account IAM role access
Log in to your AWS IAM (Identity and Access Management) console, create a cross-account IAM role between your AWS account and Site24x7's AWS account, configure Site24x7's Account ID and unique external ID, assign policy permissions and generate the RoleARN.
Once done, paste the access keys (Access Key ID and Secret Access Key) or the RoleARN in the Site24x7 console to start monitoring.
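A check you can run on the cross-account role's trust policy before pasting the RoleARN, shown here as an added example that is not Site24x7's own code. The account ID, external ID and both policy documents are constructed placeholders, and `audit_trust_policy` is a hypothetical helper name.

```python
import copy

# Constructed placeholders: the real account ID and external ID are shown in the Site24x7 console.
VENDOR_ACCOUNT_ID = "111122223333"
EXTERNAL_ID = "EXAMPLE-EXTERNAL-ID"

def _as_list(value):
    return value if isinstance(value, list) else [value]

def audit_trust_policy(policy, vendor_account_id, external_id):
    """Return findings for a role trust policy; an empty list means it is scoped as expected."""
    findings = []
    expected = {vendor_account_id, f"arn:aws:iam::{vendor_account_id}:root"}
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        actions = set(_as_list(stmt.get("Action", [])))
        if stmt.get("Effect") != "Allow" or not {"sts:AssumeRole", "sts:*", "*"} & actions:
            continue  # only statements that let someone assume the role matter here
        principal = stmt.get("Principal", {})
        aws = _as_list(principal.get("AWS", [])) if isinstance(principal, dict) else [principal]
        if not aws:
            findings.append(f"statement {i}: no AWS account principal")
        for p in aws:
            if p == "*":
                findings.append(f"statement {i}: wildcard principal")
            elif p not in expected:
                findings.append(f"statement {i}: unexpected principal {p}")
        # The external ID ties the role to this one integration (confused-deputy protection).
        cond = stmt.get("Condition", {}).get("StringEquals", {})
        if _as_list(cond.get("sts:ExternalId", [])) != [external_id]:
            findings.append(f"statement {i}: sts:ExternalId condition missing or different")
    return findings

# Constructed trust policy scoped to one account and one external ID.
GOOD = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": f"arn:aws:iam::{VENDOR_ACCOUNT_ID}:root"},
        "Action": "sts:AssumeRole",
        "Condition": {"StringEquals": {"sts:ExternalId": EXTERNAL_ID}},
    }],
}
# Constructed weak variant: any account may assume the role and no external ID is required.
WEAK = copy.deepcopy(GOOD)
WEAK["Statement"][0]["Principal"] = {"AWS": "*"}
del WEAK["Statement"][0]["Condition"]

if __name__ == "__main__":
    for name, doc in (("GOOD", GOOD), ("WEAK", WEAK)):
        print(name, audit_trust_policy(doc, VENDOR_ACCOUNT_ID, EXTERNAL_ID) or "ok")
```

To check a real role, pass the trust policy JSON exported from the IAM console (parsed with `json.load`) together with the values the Site24x7 console displays.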
Policies and Permissions
No matter the method, an AWS root account holder or administrator needs to assign permissions to Site24x7. These permissions authorize the API calls and determine which AWS resources can be accessed.
- The AWS root account holder can attach the default IAM Managed Policy named "ReadOnly Access" to Site24x7. This set of permissions provides ReadOnly Access to active resources on most AWS services.
- The root account holder can limit Site24x7's scope of monitoring to certain AWS services by attaching specific policy permissions. For example, they can attach the default "Amazon EC2 ReadOnly Role" if they want to limit monitoring to EC2 instances and related services.
For complete AWS infrastructure monitoring, you need to help Site24x7 discover all the AWS resources it supports. This can be done by pasting the custom policy JSON as an inline policy. This policy provides Site24x7 ReadOnly Access to the following AWS services and resources:
- Auto Scaling
- AWS CloudWatch
- Amazon Elastic Compute Cloud (EC2)
- Amazon Relational Database Service (RDS)
- Amazon Simple Storage Service (S3)
- Amazon Route 53
- Amazon Elastic Load Balancer (Classic and Application types)
- Amazon Simple Notification Service (SNS)
You can also create your own policy with specific permissions to monitor specific AWS resources. To learn more, please read our product documentation.