1 回答
- 最新
- 投票最多
- 评论最多
2
The CloudWatch cross account features is enabled via a role in each source account, called CloudWatch-CrossAccountSharingRole. That role gives the monitoring account GetMetricData
API access.
To retrieve metrics from source accounts you just need to assume CloudWatch-CrossAccountSharingRole and then call GetMetricData
with the credentials returned from assume role. Code would be something like (note: untested):
sts = boto3.client("sts", region_name="us-east-1")
account_b = sts.assume_role(
RoleArn="arn:aws:iam::012345678901:role/CloudWatch-CrossAccountSharingRole",
RoleSessionName="cross_acct_cloud",
)
access_key = account_b["Credentials"]["AccessKeyId"]
secret_key = account_b["Credentials"]["SecretAccessKey"]
session_token = account_b["Credentials"]["SessionToken"]
cloudwatch = boto3.client(
"cloudwatch",
aws_access_key_id=access_key,
aws_secret_access_key=secret_key,
aws_session_token=session_token,
)
res = cloudwatch.get_metric_data(...)
已回答 2 年前
相关内容
- AWS 官方已更新 1 年前
- AWS 官方已更新 3 年前