I have a scenario where I have an on-premise monitoring tool to which I would like to add some monitoring of our AWS resources. It will use a combination of Python and the AWS CLI to do this monitoring.
What is not clear to me is what the best way is to grant this monitoring tool access. The options I’ve considered are:
An IAM user with no console access and an assigned policy
An IAM user with only sts:AssumeRole and a role with the necessary policy assigned
Which is the better solution, or is there some other preferred alternative that I haven’t considered?
The common way is a User service account with a least right Policy and a set of keys.
However, I did find a lovely reference that allows you to use a Role to do this.
Here they are.
Review these and see if you can make them work for you.
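The second option from the question, written out as the two policy documents it needs plus a check that the user's policy grants nothing beyond sts:AssumeRole on that one role. This is an added example, not code from the thread or from the references mentioned above; the account ID, user name and role name are constructed placeholders, and the monitoring permissions themselves would be attached to the role.

```python
import json

# Constructed placeholders: the account ID, user name and role name are hypothetical.
ACCOUNT_ID = "111122223333"
ROLE_ARN = f"arn:aws:iam::{ACCOUNT_ID}:role/onprem-monitoring-readonly"
USER_ARN = f"arn:aws:iam::{ACCOUNT_ID}:user/onprem-monitoring"


def user_policy(role_arn):
    """Identity policy for the IAM user: it may assume one role, nothing else."""
    return {
        "Version": "2012-10-17",
        "Statement": [{"Effect": "Allow", "Action": "sts:AssumeRole", "Resource": role_arn}],
    }


def role_trust_policy(user_arn):
    """Trust policy on the role: only the monitoring user may assume it."""
    return {
        "Version": "2012-10-17",
        "Statement": [{"Effect": "Allow", "Principal": {"AWS": user_arn},
                       "Action": "sts:AssumeRole"}],
    }


def as_list(value):
    return value if isinstance(value, list) else [value]


def assume_only_violations(policy, role_arn):
    """Return reasons why an identity policy grants more than sts:AssumeRole on role_arn."""
    problems = []
    for stmt in as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements cannot widen access
        if "NotAction" in stmt or "NotResource" in stmt:
            problems.append("NotAction/NotResource in an Allow statement")
        for action in as_list(stmt.get("Action", [])):
            if action.lower() != "sts:assumerole":  # IAM action names are case-insensitive
                problems.append(f"extra action: {action}")
        for resource in as_list(stmt.get("Resource", [])):
            if resource != role_arn:
                problems.append(f"resource not pinned to the role: {resource}")
    return problems


if __name__ == "__main__":
    print(json.dumps(user_policy(ROLE_ARN), indent=2))
    print(json.dumps(role_trust_policy(USER_ARN), indent=2))
```

With this split, the long-lived access keys stored on the monitoring host can only be exchanged for temporary role credentials.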