1 Answer
- Newest
- Most votes
- Most comments
1
There is no need to explicitly specify the region in the CloudWatch agent configuration for an EC2 instance. The agent will automatically send the logs to the region where the instance is located. You only need to specify the region if you want to send your logs to a different region. See the documentation for details.
This error (AWS was not able to validate the provided access credentials) occurs when the credentials the API calls are signed with are either invalid or have invalid timestamp. There might be multiples causes for this issue:
- Ensure you have no configured AWS credentials on the EC2 instance (there should be no credentials in
~/.aws/config
or~/.aws/credentials
or in the environment variables or in the agent configuration file) - the credentials will be obtained automatically by the EC2 instance using the STS service - Make sure the system time on your EC2 instance is valid and synchronized (including the time zone)
- If you are running your instances in one of the new regions not enabled by default (such as Asia Pacific (Hong Kong)), consider configuring the STS global endpoint to issue tokens using the new token format, see this knowledge center post for details
answered 3 years ago
Relevant content
- Accepted Answerasked 8 months ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 6 months ago
- AWS OFFICIALUpdated 9 months ago
- AWS OFFICIALUpdated 6 months ago