Explore the latest product updates and best practices at our hybrid Checkmk Conference #12 from June 16-18, 2026 – Register here
back to website

Werk #15291: aws: support for us-gov-* and cn-* regions

Component Agent bakery
Title aws: support for us-gov-* and cn-* regions
Date Aug 16, 2023
Level Trivial Change
Class Bug Fix
Compatibility Compatible - no manual interaction needed
Checkmk versions & editions
2.3.0b1 Checkmk Community, Checkmk Pro, Checkmk Ultimate, Checkmk Ultimate MT
2.2.0p9 Checkmk Community, Checkmk Pro, Checkmk Ultimate, Checkmk Ultimate MT

The aws monitoring of checkmk differentiates between global and local services. For global services, and for getting an access token via sts service, checkmk assumed that the global region "us-east-1" can be used.

This assumption is wrong. When hosting aws services in the following regions, you have to use said regions to access the global services:

  • us-gov-east-1
  • us-gov-west-1
  • cn-north-1
  • cn-northwest-1

The error message visible in the debug output of the aws special agent was:

An error occurred (InvalidClientTokenId) when calling the GetCallerIdentity operation: The security token included in the request is invalid.

The global service region can now be configured.

To the list of all Werks