Using different CloudWatch Endpoints

Does Grafana support the use of different endpoints for Security Token Service and CloudWatch in order to configure the CloudWatch data source for non-public AWS cloud (aka C2S)?

monitoring.us-east-1.amazonaws.com

Any solution to this?

Hello,

I’m facing the same need.

My Grafana server is in a non-internet-facing VPC.

I’m trying to monitor several AWS accounts by creating several CloudWatch data sources using custom role ARNs to assume for each account.

The problem is that the request goes to sts.amazonaws.com directly, preventing the possibility to use STS regional endpoints (like sts.eu-west-1.amazonaws.com using STS VPC endpoints).

If I configure the proxy settings to allow the initial call to pass (and add NO_PROXY=169.254.169.254), then it would work, but ideally we don’t need to go through the internet.

Thank you

Hello,

My Grafana server is in a non-internet-facing VPC.

I’m trying to monitor several AWS accounts by creating several CloudWatch data sources using custom role ARNs to assume for each account.

The problem is that the request goes to sts.amazonaws.com directly, preventing the possibility to use STS regional endpoints (like sts.eu-west-1.amazonaws.com using STS VPC endpoints).

How to solve the above issue?

Did you configure the endpoint correctly?

Yes, the endpoint works perfectly fine. I am able to telnet from the Grafana server, and nslookup returns IPs associated with the STS endpoint.

I would say that’s not possible. There is no reference to STSRegionalEndpointOption in the current main source code. It can be your opportunity to create a PR (or at least a feature request).

Hi Jangaraj,

Thank you for your response. In that case, I have to use a proxy to configure the data source for different accounts. I’ll raise a PR for this feature so that I can help in future.