AWS by HTTP documentation does not clearly explain authorization methods

XMLWordPrintable

    • Type: Documentation task
    • Resolution: Unresolved
    • Priority: Trivial
    • None
    • Affects Version/s: None
    • Component/s: None
    • None

      The AWS by HTTP template documentation lists the following values for {$AWS.AUTH_TYPE}:

      • access_key
      • assume_role
      • role_base

      However, it does not clearly explain the difference between them.

      In particular, it is unclear that:

      • access_key uses the configured IAM access key and secret key directly;
      • role_base uses credentials of the IAM role attached to the EC2 instance running the Zabbix server or proxy;
      • assume_role uses initial credentials to call AWS STS AssumeRole and obtain credentials for another IAM role;
      • with {$AWS.ASSUME.ROLE.AUTH.METADATA}=true, the initial credentials for assume_role are obtained from the EC2 instance role.

      Please update the AWS by HTTP template documentation with a short comparison of the three authorization methods and indicate which configuration should be used for cross-account monitoring without IAM access keys.

            Assignee:
            Zabbix Integration Team
            Reporter:
            Piotr Wegrzyn
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated: