1 Respuesta
- Más nuevo
- Más votos
- Más comentarios
2
The CloudWatch cross account features is enabled via a role in each source account, called CloudWatch-CrossAccountSharingRole. That role gives the monitoring account GetMetricData
API access.
To retrieve metrics from source accounts you just need to assume CloudWatch-CrossAccountSharingRole and then call GetMetricData
with the credentials returned from assume role. Code would be something like (note: untested):
sts = boto3.client("sts", region_name="us-east-1")
account_b = sts.assume_role(
RoleArn="arn:aws:iam::012345678901:role/CloudWatch-CrossAccountSharingRole",
RoleSessionName="cross_acct_cloud",
)
access_key = account_b["Credentials"]["AccessKeyId"]
secret_key = account_b["Credentials"]["SecretAccessKey"]
session_token = account_b["Credentials"]["SessionToken"]
cloudwatch = boto3.client(
"cloudwatch",
aws_access_key_id=access_key,
aws_secret_access_key=secret_key,
aws_session_token=session_token,
)
res = cloudwatch.get_metric_data(...)
respondido hace 2 años
Contenido relevante
- OFICIAL DE AWSActualizada hace 2 años
- OFICIAL DE AWSActualizada hace un año
- OFICIAL DE AWSActualizada hace 3 años