Does Grafana support the use of different endpoints for Security Token Service and CloudWatch in order to configure the CloudWatch data source for non-public AWS cloud (aka C2S)?
Any solution to this?
Hello,
I’m facing the same need.
My Grafana server is in a non-internet-facing VPC.
I’m trying to monitor several AWS accounts by creating several CloudWatch data sources using custom role ARNs to assume for each account.
The problem is that the request goes to sts.amazonaws.com directly, preventing the possibility to use STS regional endpoints (like sts.eu-west-1.amazonaws.com using STS VPC endpoints).
If I configure the proxy settings to allow the initial call to pass (and add NO_PROXY=169.254.169.254), then it would work, but ideally we don’t need to go through the internet.
Thank you
Hello,
My Grafana server is in a non-internet-facing VPC.
I’m trying to monitor several AWS accounts by creating several CloudWatch data sources using custom role ARNs to assume for each account.
The problem is that the request goes to sts.amazonaws.com directly, preventing the possibility to use STS regional endpoints (like sts.eu-west-1.amazonaws.com using STS VPC endpoints).
How to solve the above issue?
Yes, the endpoint works perfectly fine. I am able to telnet from the Grafana server, and nslookup also returns the IPs associated with the STS endpoint.
I would say that’s not possible. There is no reference to STSRegionalEndpointOption in the current main source code. It can be your opportunity to create a PR (or at least a feature request).
Hi Jangaraj,
Thank you for your response. In that case, I have to use a proxy to configure the data source for different accounts. I’ll raise a PR for this feature so that I can help in the future.