The AWS (legacy) StackPack uses AWS CloudWatch for the telemetry on AWS reported topology. During installation of the AWS (legacy) StackPack the user is asked to provide access keys. These access keys are used to authenticate against AWS CloudWatch. In certain situations it is not possible to use long living access keys and instance profiles have to be used when StackState is installed on an AWS EC2 instance.
The AWS (legacy) StackPack installation procedure currently does not support the option for instance profile authentication.
- All AWS (legacy) StackPack releases where StackState is installed on an AWS EC2 instance.
This has been fixed in the updated AWS integration that is shipped together with StackState v4.4 and later.
To resolve the issue in the AWS (legacy) StackPack:
StackState installations that run on AWS EC2 instances have the option to use EC2 instance profiles to authenticate against AWS CloudWatch instead of using access keys. The StackState CloudWatch data source does have EC2 instance profile support. The workaround is to install the AWS (legacy) StackPack using access keys. After installing the StackPack, switch the authentication method to instance profiles in the StackPack provided StackState CloudWatch telemetry data source. To change the CloudWatch telemetry plugin after installing the AWS (legacy) StackPack:
- Open StackState settings
- Open 'CloudWatch sources' page
- Edit the data source for the installed AWS StackPack instance
- Switch the authentication method to the preferred instance profile authentication method
- Update the data source
The same permission policies have to be applied to the instance profile as the IAM user of the access keys.
Do note that this will unlock StackPack provided configuration.