Werk #15291: aws: support for us-gov-* and cn-* regions

Component Agent bakery
Title aws: support for us-gov-* and cn-* regions
Date Aug 16, 2023
Level Trivial Change
Class Bug Fix
Compatibility Compatible - no manual interaction needed
Checkmk versions & editions
2.3.0b1
Not yet released
Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk Cloud (CCE), Checkmk MSP (CME)
2.3.0b1 Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk Cloud (CCE), Checkmk MSP (CME)
2.2.0p9 Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk Cloud (CCE), Checkmk MSP (CME)

The aws monitoring of checkmk differentiates between global and local services. For global services, and for getting an access token via sts service, checkmk assumed that the global region "us-east-1" can be used.

This assumption is wrong. When hosting aws services in the following regions, you have to use said regions to access the global services:

  • us-gov-east-1
  • us-gov-west-1
  • cn-north-1
  • cn-northwest-1

The error message visible in the debug output of the aws special agent was:

An error occurred (InvalidClientTokenId) when calling the GetCallerIdentity operation: The security token included in the request is invalid.

The global service region can now be configured.

To the list of all Werks