cloudwatch output uses ListMetricData #3319

adamchainz · 2017-10-10T13:12:59Z

Bug report

When starting the Cloudwatch output plugin, it tries to list some metrics, even though this isn't needed for normal operation:

Line 62 in ac1fa05

func (c *CloudWatch) Connect() error {

. Thus the AWS credentials in use need access to ListMetricData even though when in use the plugin only needs PutMetricData.

The required permissions aren't even documented for the plugin.

[[outputs.cloudwatch]]
region = "us-east-1"
namespace = "foo"

Latest telegraf

Successful start

It fails

AWS STS GetSessionToken can be used to test connection without needing any specific permissions: https://docs.aws.amazon.com/sdk-for-go/api/service/sts/#STS.GetSessionToken

The text was updated successfully, but these errors were encountered:

danielnelson · 2017-10-10T18:08:44Z

Thanks for the report, I agree on all points. Is this something you would be able to work on?

adamchainz · 2017-10-10T18:24:02Z

Never used this language before but I’ll give it a... Go

danielnelson added the bug unexpected problem or unintended behavior label Oct 10, 2017

danielnelson added this to the 1.5.0 milestone Oct 10, 2017

adamchainz mentioned this issue Oct 12, 2017

Improved Cloudwatch output plugin Connect() #3335

Merged

3 tasks

danielnelson closed this as completed in #3335 Oct 13, 2017

adamchainz mentioned this issue Sep 12, 2018

don't try to reach STS if role_arn is not specified #4681

Closed

3 tasks