-
Type:
Documentation task
-
Resolution: Unresolved
-
Priority:
Trivial
-
None
-
Affects Version/s: None
-
Component/s: None
-
None
The AWS by HTTP template documentation lists the following values for {$AWS.AUTH_TYPE}:
- access_key
- assume_role
- role_base
However, it does not clearly explain the difference between them.
In particular, it is unclear that:
- access_key uses the configured IAM access key and secret key directly;
- role_base uses credentials of the IAM role attached to the EC2 instance running the Zabbix server or proxy;
- assume_role uses initial credentials to call AWS STS AssumeRole and obtain credentials for another IAM role;
- with {$AWS.ASSUME.ROLE.AUTH.METADATA}=true, the initial credentials for assume_role are obtained from the EC2 instance role.
Please update the AWS by HTTP template documentation with a short comparison of the three authorization methods and indicate which configuration should be used for cross-account monitoring without IAM access keys.