ovunccetin
Reputation: 8663
Isolating CloudWatch metrics for Different Customers
Let's imagine a system like below:
- There is a cloud application collecting sensor metrics from various devices and saving these metrics into AWS's CloudWatch.
- These IoT devices may belong to either Customer X or Customer Y.
- A separate organization created for each customer in Grafana. So, they are isolated in terms of their dashboards.
The problem is that the metrics are stored in a common AWS account (even if they are stored in separate CloudWatch namespaces)! So, a member of Customer X can see the metrics of Customer Y by adding a datasource which accesses the namespace of the Customer Y.
Is there a mechanism to have separate credentials to securely isolate CloudWatch namespaces? Or another solution (other than having a separate AWS account for each customer) to fix this problem?
Upvotes: 0
Views: 328
Answers (1)
Jan Garaj
Reputation: 28646
You can use IAM role with condition keys to limit access to particular CloudWatch namespace. So each Grafana organization will use own limited IAM role.
Upvotes: 1
Related Questions
- Unable to access cloudwatch metrics in grafana
- AWS Cloud Watch Custom Metrics for Concurrent users?
- ship cloudwatch metrics across account
- Amazon Web Service CloudWatch custom metrics with dimensions
- Grafana - Configure Custom Metrics from Cloudwatch
- Query AWS CloudWatch custom metrics across dimensions
- CloudWatch metric filter custom metrics
- Query metrics for multiple instances from AWS Cloudwatch
- Custom metric in CloudWatch
- AWS CloudWatch API: getting the database-wide metrics