CloudWatch Core Plugin Firewall Rules and Destination

After installing Grafana OSS at our on-premises site as part of a POC evaluation process, we have struggled to understand which firewall rules are required for the CloudWatch data source to work properly.

The official documentation (https://grafana.com/docs/grafana/latest/datasources/aws-cloudwatch/) has no mention of the destination API endpoint or URL, port number, port type, communication direction, etc.

Please advise.

The best way in this case is to try and follow the error message. There should be some AWS API endpoint/port, which gives you a clue.

Sorry for being rude, but do you consider that a proper answer?

Yes. If you dig into the problem you will discover that there is no simple answer, because you can have custom, FIPS, regional, gov, … endpoints configured and you didn’t mention anything about your setup. So what is your expectation?

I can say, destination: TCP/443 52.46.135.95/32
And you will say no, because that’s not the case (endpoint monitoring.us-gov-west-1.amazonaws.com). Should I then try again and try all options and waste your time and mine?
Of course I can do that if I’m paid for that. So I provided the better option.
Another problem is that your setup may need access to AWS STS, so your “simple” question can be very complex in the real world.

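Added example, not part of the thread and not Grafana's own code: one way to apply the "follow the error message" advice is to collect the destinations that failed to connect from the Grafana server log and turn them into firewall rule candidates. The log lines are constructed, and their exact wording (assumed here to follow Go's HTTP client error format) may differ in your Grafana version.

```python
import re
from urllib.parse import urlsplit

# Constructed log lines (not from the thread). The error text follows the
# shape of Go net/http client errors; IPs are documentation addresses.
SAMPLE_LOG = [
    r'level=error msg="query failed" error="Post \"https://monitoring.us-gov-west-1.amazonaws.com/\": dial tcp 203.0.113.10:443: i/o timeout"',
    r'level=error msg="assume role failed" error="Post \"https://sts.us-gov-west-1.amazonaws.com/\": dial tcp 203.0.113.20:443: connect: connection refused"',
    r'level=error msg="query failed" error="Post \"https://monitoring.us-gov-west-1.amazonaws.com/\": dial tcp 203.0.113.11:443: i/o timeout"',
    r'level=error msg="query failed" error="Post \"https://logs.us-gov-west-1.amazonaws.com/\": dial tcp: lookup logs.us-gov-west-1.amazonaws.com: no such host"',
    r'level=info msg="request completed" status=200 path=/api/health',
]

# Request URL as quoted in the error (the quote may be backslash-escaped).
URL_RE = re.compile(r'(?:Get|Post|Put|Head) \\?"(https?://[^"\\\s]+)')
# Address the TCP dial was attempted against; absent when DNS itself failed.
DIAL_RE = re.compile(r'dial tcp (\d{1,3}(?:\.\d{1,3}){3}):(\d+)')


def blocked_destinations(lines):
    """Return {(host, port): [ips seen]} for outbound calls that failed to connect."""
    found = {}
    for line in lines:
        url = URL_RE.search(line)
        if not url or "dial tcp" not in line:
            continue  # not a connection-level failure
        parts = urlsplit(url.group(1))
        port = parts.port or (443 if parts.scheme == "https" else 80)
        ips = found.setdefault((parts.hostname, port), set())
        dial = DIAL_RE.search(line)
        if dial:
            ips.add(dial.group(1))
    return {dest: sorted(ips) for dest, ips in found.items()}


if __name__ == "__main__":
    for (host, port), ips in sorted(blocked_destinations(SAMPLE_LOG).items()):
        # The hostname and port are the stable part; the IPs are only what
        # DNS returned at the time of the failure.
        seen = ", ".join(ips) if ips else "no IP (DNS lookup failed)"
        print(f"allow outbound TCP/{port} to {host}  [{seen}]")
```

An entry with no IP means the failure happened at name resolution, so outbound DNS from the Grafana host needs checking before any endpoint rule.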