Werk #15291: aws: support for us-gov-* and cn-* regions

Component Agent bakery
Title aws: support for us-gov-* and cn-* regions
Date Aug 16, 2023
Checkmk Edition Checkmk Raw (CRE)
Checkmk Version 2.2.0p9 2.3.0b1
Level Trivial Change
Class Bug Fix
Compatibility Compatible - no manual interaction needed

The aws monitoring of checkmk differentiates between global and local services. For global services, and for getting an access token via sts service, checkmk assumed that the global region "us-east-1" can be used.

This assumption is wrong. When hosting aws services in the following regions, you have to use said regions to access the global services:

  • us-gov-east-1
  • us-gov-west-1
  • cn-north-1
  • cn-northwest-1

The error message visible in the debug output of the aws special agent was:

An error occurred (InvalidClientTokenId) when calling the GetCallerIdentity operation: The security token included in the request is invalid.

The global service region can now be configured.

To the list of all Werks