Werk #17485: Enhanced AWS authentication for AWS hosted Checkmk instances

Component Checks & agents
Title Enhanced AWS authentication for AWS hosted Checkmk instances
Date Dec 16, 2024
Level Trivial Change
Class New Feature
Compatibility Compatible - no manual interaction needed
Checkmk versions & editions
2.4.0b1 Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk Cloud (CCE), Checkmk MSP (CME)

The authentication and access to AWS resources can now be configured explicitly in the following cases:

  • access key ID
    • the previous default authentication method
    • required for non AWS hosted Checkmk instances
  • access key ID + IAM-Role
    • required for non AWS hosted Checkmk instances
    • assuming a certain (3rd party) AWS IAM role
  • only IAM-Role
    • new added method
    • for AWS-hosted Checkmk instances only
    • no access key ID required
    • assuming a certain (3rd party) AWS IAM role
  • none
    • new added method
    • for AWS-hosted Checkmk instances only
    • no access key ID required
    • using the AWS EC2 instance role of the Checkmk instance

The configuration "only IAM-Role"" and "none" especially allow omitting an access key ID, when the Checkmk instance is hosted on an AWS EC2 instance. This allows to fully benefit from the best practices of AWS Security Token Service (additional AWS IAM configurations may be required).

To the list of all Werks