Can't see CloudRun monitoring Metrics - What IAM Policy is Missing? - google-cloud-platform

In CloudRun, my developer can't see the metrics on the CloudRun service dashboard, but they can see the metrics on the metrics dashboard. What policy am I missing?
The CloudRun Dashboard Missing Metrics Charts:
The IAM Policy:
Expected Dashboard:

Check if you have a pop-up blocker or any kind of blocker extension.

I was able to solve this and get some data on the graphs by granting the user the role of Monitoring Viewer.
Since you already have that, #valentin22's answer might still be worth a try.

Related

AWS Workspaces - Unable to provide Console Access to IAM user

I want an IAM user to have read/List access and start/stop access to AWS workspaces. Hence I've created a simple IAM policy which grants all read and list actions.
But this was not enough. I was shown the error message "An Error Has Occurred There was an error retrieving information about your WorkSpaces." Upon investigating CloudTrail, I found that the user needs read/list permissions to KMS and AWS Directory Service. Hence I granted those too, but when I log in again, I still see the same error. I even tried attaching EC2 full access too, but still the same error. Is this a potential bug?
The same issue has been discussed in AWS forum too but no resolution there.
https://forums.aws.amazon.com/thread.jspa?threadID=236408
KMS policy and Directory service policy below.
DS:
KMS:
Error Screenshot:
I've found the solution for this. AWS has a bizarre limitation where, if you want to access WorkSpaces via the console, you need to give full access (workspaces:*) only. Below is a screenshot from the document that states this. Highly disappointed with AWS regarding this limitation.
https://docs.aws.amazon.com/workspaces/latest/adminguide/workspaces-access-control.html
Have you tried a policy similar to the one in the documentation? It includes some services in addition to the ones you have tried already.

cannot add role on service account GCP IAM

I am trying to add the Cloud SQL Client role to my service account but got this warning: "Utilization analysis for this binding has not been processed."
Because of this I am unable to use the service account for my application.
How do I fix this?
You must be seeing the ? icon, which shows: "Utilization analysis for this binding has not been processed".
It is not a warning, and probably not the reason for your issue.
Check this
For newly created service accounts (managed by Google), utilization analysis is calculated after 90 days, after which it gives recommendations on permissions that are not needed for that service account, i.e. Analyzed Permissions.

"Logs can only be viewed for the account logged in" in AWS CloudWatch Logs console

After enabling cross-account, cross-region access (in AWS CloudWatch Settings) in both the monitoring account and the sharing account, I receive an error in the CloudWatch Logs console upon selecting the sharing account from the drop-down at the top of the page:
"Logs can only be viewed for the account logged in - XXX. You are viewing data for YYY.Go back to XXX in us-east-1"
Viewing cross-account metrics and dashboards is working well, but logs are most useful to my use case. What could cause this error on the console?
I have the monitoring and sharing roles set up per the instructions here: https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/Cross-Account-Cross-Region.html#enable-cross-account-cross-Region
Unfortunately, as at the time of writing (2021-12-22), cross-account CloudWatch only supports dashboards, alarms, metrics and automatic dashboards. Logs are not yet visible across accounts.
From the documentation, my emphasis:
This functionality provides you with cross-account visibility to your dashboards, alarms, metrics, and automatic dashboards without having to log in and log out of different accounts.

ship cloudwatch metrics across account

We have a multiple-account setup in AWS. Apps A, B, C are deployed into their own accounts. I want to export CloudWatch metrics (only metrics, not logs) into a monitoring account (say) so that I can monitor and keep a tab on it.
I have tried googling but couldn't find anything. Please help.
AWS recently announced a feature to enable cross-account access of CloudWatch Metrics. Step-by-step instructions can be seen at the following URL:
https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/Cross-Account-Cross-Region.html
Centralized logging is an important requirement for various purposes such as logging, compliance, etc. It is also a recommendation from AWS to aggregate your logs in a separate account. But it requires a bit of work and an understanding of how it all works. Here is an official AWS blog giving you a step-by-step approach.
AWS Centralized Logging blog
Using the CloudWatch agent config (https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-Agent-Configuration-File-Details.html), the credentials param can be supplied with the cross-account role ARN.
Thanks,
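
The agent configuration the answer above refers to, shown as an added example that is not part of the original answer: the `credentials` block in the `agent` section names a role in the monitoring account, which the agent assumes before publishing metrics. The account ID, role name and namespace are constructed placeholders.

```json
{
  "agent": {
    "metrics_collection_interval": 60,
    "credentials": {
      "role_arn": "arn:aws:iam::111122223333:role/EXAMPLE-PLACEHOLDER-CWAgentCrossAccountRole"
    }
  },
  "metrics": {
    "namespace": "EXAMPLE-PLACEHOLDER/AppA",
    "metrics_collected": {
      "mem": {
        "measurement": ["mem_used_percent"]
      },
      "disk": {
        "measurement": ["used_percent"],
        "resources": ["/"]
      }
    }
  }
}
```

The role in the monitoring account must trust the source account (or the specific instance role in it), and its permissions policy should allow only `cloudwatch:PutMetricData`, so that a compromised application host can write metrics and nothing else.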

AWS Cloudwatch Dashboards: How to add dashboard from one account to another

I want to add dashboards (including the metrics) in AWS account A to my AWS account B in AWS CloudWatch. Is it possible to do that? In order to do that, what kind of permission should I have to add dashboards from account A?
Thank you.
CloudWatch now supports cross account cross region dashboards. See the documentation - https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/Cross-Account-Cross-Region.html#enable-cross-account-cross-Region
EDIT: This is now a supported feature in CloudWatch Console - see the official documentation
This is not something supported by CloudWatch today, but you could use CloudWatch GetMetricWidgetImage API to basically snapshot the data, put the graph image in a shared s3 bucket and display that instead.
See an example here