Werk #15291: aws: support for us-gov-* and cn-* regions
Component | Agent bakery | ||||||
Title | aws: support for us-gov-* and cn-* regions | ||||||
Date | Aug 16, 2023 | ||||||
Level | Trivial Change | ||||||
Class | Bug Fix | ||||||
Compatibility | Compatible - no manual interaction needed | ||||||
Checkmk versions & editions |
|
The aws monitoring of checkmk differentiates between global and local services. For global services, and for getting an access token via sts service, checkmk assumed that the global region "us-east-1" can be used.
This assumption is wrong. When hosting aws services in the following regions, you have to use said regions to access the global services:
- us-gov-east-1
- us-gov-west-1
- cn-north-1
- cn-northwest-1
The error message visible in the debug output of the aws special agent was:
An error occurred (InvalidClientTokenId) when calling the GetCallerIdentity operation: The security token included in the request is invalid.
The global service region can now be configured.