New Question
 
 
PRTG Network Monitor

Intuitive to Use.
Easy to manage.

200.000 administrators have chosen PRTG to monitor their network. Find out how you can reduce cost, increase QoS and ease planning, as well.

Free PRTG
Download >>

 

What is this?

This knowledgebase contains questions and answers about PRTG Network Monitor and network monitoring in general. You are invited to get involved by asking and answering questions!

Learn more

 

Top Tags


View all Tags


How do I set permissions for the Amazon Web Services (AWS) API key to use certain sensors in PRTG?

Votes:

0

Your Vote:

Up

Down

I use an Amazon CloudWatch sensor. In my AWS account, I activated CloudWatch metrics, but the sensor shows the error message You are not authorized to perform this operation.

Furthermore, I want to use the AWS Cost sensor. I know that the sensor requires permissions for the API key, but I do not know how to set the respective rights in my AWS account.

What do I have to do?

amazon api-key aws aws-cost-sensor cloudwatch help permissions prtg

Created on Jun 28, 2012 8:13:37 AM by  Daniel Zobel [Paessler Support]

Last change on Mar 25, 2020 8:59:05 AM by  Maike Behnsen [Paessler Support]



Best Answer

Accepted Answer

Votes:

0

Your Vote:

Up

Down

This article applies as of PRTG 20

Setting permissions for the AWS API key

There are several sensors with which you can monitor single Amazon web services or your Amazon Web Services (AWS) account:

All these sensors need sufficient rights to query data from the AWS API. Take the following steps to give the sensors listed above the required permissions.

Step 1: Create a new policy

  1. Log in to your AWS account and go to the Identity and Access Management (IAM) console.
  2. Click the Policies tab and create a new policy.
  3. In step 1 of the Create policy dialog, select the JSON tab and enter the following definition:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Stmt1338559359622",
      "Action": [
        "ec2:DescribeInstances",
        "ec2:DescribeVolumes"
      ],
      "Effect": "Allow",
      "Resource": "*"
    },
    {
      "Sid": "Stmt1338559372809",
      "Action": [
        "cloudwatch:GetMetricStatistics",
        "cloudwatch:ListMetrics",
        "cloudwatch:DescribeAlarms"
      ],
      "Effect": "Allow",
      "Resource": "*"
    },
    {
      "Sid": "Stmt1338559399560",
      "Action": [
        "elasticache:DescribeCacheClusters"
      ],
      "Effect": "Allow",
      "Resource": "*"
    },
    {
      "Sid": "Stmt1338559439473",
      "Action": [
        "elasticloadbalancing:DescribeLoadBalancers"
      ],
      "Effect": "Allow",
      "Resource": "*"
    },
    {
      "Sid": "Stmt1338559468079",
      "Action": [
        "rds:DescribeDBInstances"
      ],
      "Effect": "Allow",
      "Resource": "*"
    },
    {
      "Sid": "Stmt1338559518608",
      "Action": [
        "sns:ListPlatformApplications",
        "sns:ListTopics"
      ],
      "Effect": "Allow",
      "Resource": "*"
    },
    {
      "Sid": "Stmt1338559548992",
      "Action": [
        "sqs:ListQueues"
      ],
      "Effect": "Allow",
      "Resource": "*"
    },
    {
      "Sid": "Stmt1450719990448",
      "Action": [
        "autoscaling:DescribeAutoScalingGroups"
      ],
      "Effect": "Allow",
      "Resource": "*"
    },
    {
      "Sid": "Stmt1450720132953",
      "Action": [
        "lambda:ListFunctions"
      ],
      "Effect": "Allow",
      "Resource": "*"
    },
    {
      "Sid": "CostExplorerRead",
      "Effect": "Allow",
      "Action": [
        "ce:GetCostAndUsage",
        "ce:GetCostForecast",
        "ce:GetDimensionValues",
        "ce:GetCostAndUsageWithResources",
        "ce:GetUsageForecast"
      ],
      "Resource": "*"
     }
   ]
 }

4. In step 2 of the Create policy dialog, give the new policy a meaningful name, for example, MonitoringPolicy.

Create new policy
Click to enlarge.

5. Click Create policy to save the new policy.

Step 2: Create a new group and attach the new policy

  1. Click the Groups tab.
  2. Create a new group and give it a meaningful name, for example, MonitoringGroup.
  3. On the Attach Policy page, map the new policy to the new group by enabling the check box next to the Policy Name.
  4. Click Next Step to review your settings.

Step 3: Add a new user to the new group

  1. Click the Users tab and create a new user.
  2. Click Add user to groups to add the new user to the new MonitoringGroup.

    Add New User to Group
    Click to enlarge.

  3. Select Programmic Access to give the new user the required permissions for the API key.
  4. To review and confirm the permissions you set, click the Policies tab and select Policy summary.

    CloudWatch Service Details
    Click to enlarge.

Step 4: Generate the Access Key and the Secret Key

  1. Click the Users tab and select the user that you created in Step 3: Add a new user to the new group.
  2. On the Security Credentials tab, select Create Access Key.
  3. Download and store the .csv file that contains the Access Key and the Secret Key.
    Note: The Access Key and the Secret Key are only displayed in the IAM once.
  4. Enter these AWS credentials on the Settings tab of the AWS Cost sensor’s parent device or group in the Credentials for AWS section.

More

Created on Jul 24, 2018 9:05:33 AM by  Brandy Greger [Paessler Support]

Last change on Mar 25, 2020 9:43:52 AM by  Maike Behnsen [Paessler Support]



3 Replies

Votes:

0

Your Vote:

Up

Down

Hi is it Possible to use AWS tags to scope the sensors?

Created on Dec 7, 2017 11:32:22 AM by  nand0l (0)



Votes:

0

Your Vote:

Up

Down

In what way would you scope them? Can you give me some more information?

Created on Dec 8, 2017 3:47:39 AM by  Benjamin Day [Paessler Support]



Accepted Answer

Votes:

0

Your Vote:

Up

Down

This article applies as of PRTG 20

Setting permissions for the AWS API key

There are several sensors with which you can monitor single Amazon web services or your Amazon Web Services (AWS) account:

All these sensors need sufficient rights to query data from the AWS API. Take the following steps to give the sensors listed above the required permissions.

Step 1: Create a new policy

  1. Log in to your AWS account and go to the Identity and Access Management (IAM) console.
  2. Click the Policies tab and create a new policy.
  3. In step 1 of the Create policy dialog, select the JSON tab and enter the following definition:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Stmt1338559359622",
      "Action": [
        "ec2:DescribeInstances",
        "ec2:DescribeVolumes"
      ],
      "Effect": "Allow",
      "Resource": "*"
    },
    {
      "Sid": "Stmt1338559372809",
      "Action": [
        "cloudwatch:GetMetricStatistics",
        "cloudwatch:ListMetrics",
        "cloudwatch:DescribeAlarms"
      ],
      "Effect": "Allow",
      "Resource": "*"
    },
    {
      "Sid": "Stmt1338559399560",
      "Action": [
        "elasticache:DescribeCacheClusters"
      ],
      "Effect": "Allow",
      "Resource": "*"
    },
    {
      "Sid": "Stmt1338559439473",
      "Action": [
        "elasticloadbalancing:DescribeLoadBalancers"
      ],
      "Effect": "Allow",
      "Resource": "*"
    },
    {
      "Sid": "Stmt1338559468079",
      "Action": [
        "rds:DescribeDBInstances"
      ],
      "Effect": "Allow",
      "Resource": "*"
    },
    {
      "Sid": "Stmt1338559518608",
      "Action": [
        "sns:ListPlatformApplications",
        "sns:ListTopics"
      ],
      "Effect": "Allow",
      "Resource": "*"
    },
    {
      "Sid": "Stmt1338559548992",
      "Action": [
        "sqs:ListQueues"
      ],
      "Effect": "Allow",
      "Resource": "*"
    },
    {
      "Sid": "Stmt1450719990448",
      "Action": [
        "autoscaling:DescribeAutoScalingGroups"
      ],
      "Effect": "Allow",
      "Resource": "*"
    },
    {
      "Sid": "Stmt1450720132953",
      "Action": [
        "lambda:ListFunctions"
      ],
      "Effect": "Allow",
      "Resource": "*"
    },
    {
      "Sid": "CostExplorerRead",
      "Effect": "Allow",
      "Action": [
        "ce:GetCostAndUsage",
        "ce:GetCostForecast",
        "ce:GetDimensionValues",
        "ce:GetCostAndUsageWithResources",
        "ce:GetUsageForecast"
      ],
      "Resource": "*"
     }
   ]
 }

4. In step 2 of the Create policy dialog, give the new policy a meaningful name, for example, MonitoringPolicy.

Create new policy
Click to enlarge.

5. Click Create policy to save the new policy.

Step 2: Create a new group and attach the new policy

  1. Click the Groups tab.
  2. Create a new group and give it a meaningful name, for example, MonitoringGroup.
  3. On the Attach Policy page, map the new policy to the new group by enabling the check box next to the Policy Name.
  4. Click Next Step to review your settings.

Step 3: Add a new user to the new group

  1. Click the Users tab and create a new user.
  2. Click Add user to groups to add the new user to the new MonitoringGroup.

    Add New User to Group
    Click to enlarge.

  3. Select Programmic Access to give the new user the required permissions for the API key.
  4. To review and confirm the permissions you set, click the Policies tab and select Policy summary.

    CloudWatch Service Details
    Click to enlarge.

Step 4: Generate the Access Key and the Secret Key

  1. Click the Users tab and select the user that you created in Step 3: Add a new user to the new group.
  2. On the Security Credentials tab, select Create Access Key.
  3. Download and store the .csv file that contains the Access Key and the Secret Key.
    Note: The Access Key and the Secret Key are only displayed in the IAM once.
  4. Enter these AWS credentials on the Settings tab of the AWS Cost sensor’s parent device or group in the Credentials for AWS section.

More

Created on Jul 24, 2018 9:05:33 AM by  Brandy Greger [Paessler Support]

Last change on Mar 25, 2020 9:43:52 AM by  Maike Behnsen [Paessler Support]



Please log in or register to enter your reply.


Disclaimer: The information in the Paessler Knowledge Base comes without warranty of any kind. Use at your own risk. Before applying any instructions please exercise proper system administrator housekeeping. You must make sure that a proper backup of all your data is available.