- Newest
- Most votes
- Most comments
I apologize for the delayed response. If you're still encountering this issue, I'd be happy to offer some solutions.
I think this issue could be related to the networking configuration, permissions, or the bucket itself.
-
Since your Grafana instance is accessible only from within the VPC or specific external IP addresses, you need to ensure that the CloudWatch Canary is configured to run within the same VPC. - Running a canary on a VPC
-
Also verify that the S3 bucket policy allows access from the IAM role assigned to the CloudWatch Canary. You can add a bucket policy statement similar to the following:
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "AWS": "arn:aws:iam::<YOUR_AWS_ACCOUNT_ID>:role/<CANARY_IAM_ROLE_NAME>" }, "Action": [ "s3:PutObject", "s3:GetObject", "s3:GetBucketLocation" ], "Resource": [ "arn:aws:s3:::thanos-syn-canary/*", "arn:aws:s3:::thanos-syn-canary" ] } ] }
For more examples on managing buckets with canned ACLs, you can refer to this section of the AWS documentation: Managing Buckets Using Canned ACLs.
Relevant content
- asked 6 years ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 2 years ago
Could you clarify if the Grafana URL is Amazon Managed Grafana? If it is, there is an option when you deploy whether it is publicly accessible or only via VPC. Based on the option you choose the Grafana URL may not be reachable from the CloudWatch RUM.
EC2 Server that we use open source grafana. Is on public DNS and if your external IP is whitelisted it is open and it is also open from inside the VPC.