New Question
 
 
PRTG Network Monitor

Intuitive to Use.
Easy to manage.

150.000 administrators have chosen PRTG to monitor their network. Find out how you can reduce cost, increase QoS and ease planning, as well.

Free PRTG
Download >>

 

What is this?

This knowledgebase contains questions and answers about PRTG Network Monitor and network monitoring in general. You are invited to get involved by asking and answering questions!

Learn more

 

Top Tags


View all Tags


How do I define access rights for Amazon CloudWatch queries?

Votes:

0

Your Vote:

Up

Down

I use an Amazon CloudWatch sensor in PRTG.

I activated CloudWatch metrics in the AWS console at Amazon, but the sensor shows an error message:

You are not authorized to perform this operation.

How do I set according access rights?

amazon cloudwatch help permissions prtg

Created on Jun 28, 2012 8:13:37 AM by  Daniel Zobel [Paessler Support]

Last change on Dec 10, 2015 11:03:45 AM by  Gerald Schoch [Paessler Support]



Best Answer

Accepted Answer

Votes:

0

Your Vote:

Up

Down

This article applies to PRTG Network Monitor 15.x.19 or later

Setting Rights for CloudWatch Metrics

The IAM account you use with the Amazon CloudWatch sensors needs sufficient rights to query CloudWatch metrics. To allow those queries for all supported services, please use the following rights:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Stmt1338559359622",
      "Action": [
        "ec2:DescribeInstances",
        "ec2:DescribeVolumes"
      ],
      "Effect": "Allow",
      "Resource": "*"
    },
    {
      "Sid": "Stmt1338559372809",
      "Action": [
        "cloudwatch:GetMetricStatistics",
        "cloudwatch:ListMetrics",
        "cloudwatch:DescribeAlarms"
      ],
      "Effect": "Allow",
      "Resource": "*"
    },
    {
      "Sid": "Stmt1338559399560",
      "Action": [
        "elasticache:DescribeCacheClusters"
      ],
      "Effect": "Allow",
      "Resource": "*"
    },
    {
      "Sid": "Stmt1338559439473",
      "Action": [
        "elasticloadbalancing:DescribeLoadBalancers"
      ],
      "Effect": "Allow",
      "Resource": "*"
    },
    {
      "Sid": "Stmt1338559468079",
      "Action": [
        "rds:DescribeDBInstances"
      ],
      "Effect": "Allow",
      "Resource": "*"
    },
    {
      "Sid": "Stmt1338559518608",
      "Action": [
        "sns:ListPlatformApplications",
        "sns:ListTopics"
      ],
      "Effect": "Allow",
      "Resource": "*"
    },
    {
      "Sid": "Stmt1338559548992",
      "Action": [
        "sqs:ListQueues"
      ],
      "Effect": "Allow",
      "Resource": "*"
    },
    {
      "Sid": "Stmt1450719990448",
      "Action": [
        "autoscaling:DescribeAutoScalingGroups"
      ],
      "Effect": "Allow",
      "Resource": "*"
    },
    {
      "Sid": "Stmt1450720132953",
      "Action": [
        "lambda:ListFunctions"
      ],
      "Effect": "Allow",
      "Resource": "*"
    }
  ]
}


See Also

Knowledge Base: How much does Amazon charge for using the CloudWatch API?

Created on Aug 25, 2015 7:43:12 AM by  Martina Wittmann [Paessler Support]

Last change on Aug 8, 2016 11:15:26 AM by  Gernot Auerswald [Paessler Support]



2 Replies

Votes:

0

Your Vote:

Up

Down

This article applies to PRTG Network Monitor 12 through 15.x.18


This article is deprecated because it applies to the Amazon CloudWatch Sensor that was delivered until PRTG Network Monitor version 15.x.18.

Please use the new Amazon CloudWatch sensors as of PRTG Network Monitor v15.x.19!


Setting Rights for CloudWatch Metrics

The IAM account you use with the Amazon CloudWatch sensor needs sufficient rights to query CloudWatch metrics. To allow those queries for all supported services, please use the following rights:

{
  "Statement": [
    {
      "Sid": "Stmt1338559359622",
      "Action": [
        "ec2:DescribeInstances",
        "ec2:DescribeVolumes"
      ],
      "Effect": "Allow",
      "Resource": [
        "*"
      ]
    },
    {
      "Sid": "Stmt1338559372809",
      "Action": [
        "cloudwatch:GetMetricStatistics",
        "cloudwatch:ListMetrics"
      ],
      "Effect": "Allow",
      "Resource": [
        "*"
      ]
    },
    {
      "Sid": "Stmt1338559399560",
      "Action": [
        "elasticache:DescribeCacheClusters"
      ],
      "Effect": "Allow",
      "Resource": [
        "*"
      ]
    },
    {
      "Sid": "Stmt1338559439473",
      "Action": [
        "elasticloadbalancing:DescribeLoadBalancers"
      ],
      "Effect": "Allow",
      "Resource": [
        "*"
      ]
    },
    {
      "Sid": "Stmt1338559468079",
      "Action": [
        "rds:DescribeDBInstances"
      ],
      "Effect": "Allow",
      "Resource": [
        "*"
      ]
    },
    {
      "Sid": "Stmt1338559518608",
      "Action": [
        "sns:ListTopics"
      ],
      "Effect": "Allow",
      "Resource": [
        "*"
      ]
    },
    {
      "Sid": "Stmt1338559548992",
      "Action": [
        "sqs:ListQueues"
      ],
      "Effect": "Allow",
      "Resource": [
        "*"
      ]
    }
  ]
}


Changes: In PRTG 13.4.8 a bug was fixed, where the wrong API call was used for Listing the SNS instances. Now the "ListTopics" permission is required and the "ListSubscriptions" permission is not required anymore.

See Also

How much does Amazon charge for using the CloudWatch API?

Created on Jun 28, 2012 8:17:33 AM by  Daniel Zobel [Paessler Support]

Last change on Dec 10, 2015 11:02:54 AM by  Gerald Schoch [Paessler Support]



Accepted Answer

Votes:

0

Your Vote:

Up

Down

This article applies to PRTG Network Monitor 15.x.19 or later

Setting Rights for CloudWatch Metrics

The IAM account you use with the Amazon CloudWatch sensors needs sufficient rights to query CloudWatch metrics. To allow those queries for all supported services, please use the following rights:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Stmt1338559359622",
      "Action": [
        "ec2:DescribeInstances",
        "ec2:DescribeVolumes"
      ],
      "Effect": "Allow",
      "Resource": "*"
    },
    {
      "Sid": "Stmt1338559372809",
      "Action": [
        "cloudwatch:GetMetricStatistics",
        "cloudwatch:ListMetrics",
        "cloudwatch:DescribeAlarms"
      ],
      "Effect": "Allow",
      "Resource": "*"
    },
    {
      "Sid": "Stmt1338559399560",
      "Action": [
        "elasticache:DescribeCacheClusters"
      ],
      "Effect": "Allow",
      "Resource": "*"
    },
    {
      "Sid": "Stmt1338559439473",
      "Action": [
        "elasticloadbalancing:DescribeLoadBalancers"
      ],
      "Effect": "Allow",
      "Resource": "*"
    },
    {
      "Sid": "Stmt1338559468079",
      "Action": [
        "rds:DescribeDBInstances"
      ],
      "Effect": "Allow",
      "Resource": "*"
    },
    {
      "Sid": "Stmt1338559518608",
      "Action": [
        "sns:ListPlatformApplications",
        "sns:ListTopics"
      ],
      "Effect": "Allow",
      "Resource": "*"
    },
    {
      "Sid": "Stmt1338559548992",
      "Action": [
        "sqs:ListQueues"
      ],
      "Effect": "Allow",
      "Resource": "*"
    },
    {
      "Sid": "Stmt1450719990448",
      "Action": [
        "autoscaling:DescribeAutoScalingGroups"
      ],
      "Effect": "Allow",
      "Resource": "*"
    },
    {
      "Sid": "Stmt1450720132953",
      "Action": [
        "lambda:ListFunctions"
      ],
      "Effect": "Allow",
      "Resource": "*"
    }
  ]
}


See Also

Knowledge Base: How much does Amazon charge for using the CloudWatch API?

Created on Aug 25, 2015 7:43:12 AM by  Martina Wittmann [Paessler Support]

Last change on Aug 8, 2016 11:15:26 AM by  Gernot Auerswald [Paessler Support]



Please log in or register to enter your reply.


Disclaimer: The information in the Paessler Knowledge Base comes without warranty of any kind. Use at your own risk. Before applying any instructions please exercise proper system administrator housekeeping. You must make sure that a proper backup of all your data is available.