How Does the Cloud Eye Agent Obtain a Temporary AK/SK by Authorization?
To enable you to monitor servers more securely and efficiently, Cloud Eye provides the latest Agent permission-granting method. That is, before installing Agents, you only need to click Configure on the Server Monitoring page of the Cloud Eye console, or select cesgency for Agency in Advanced Options when buying an ECS, the system automatically performs temporary AK/SK authorization for the Agents installed on all ECSs or BMSs in the region. And in the future, newly created ECSs or BMSs in this region will automatically get this authorization. This section describes the authorization as follows:
- Authorization object
On the Cloud Eye console, if you choose Server Monitoring > Elastic Cloud Server (or Bare Metal Server), selecting an ECS (or BMS), and click One-Click Restore, the system automatically creates an agency named cesagency on IAM. This agency is automatically granted to Cloud Eye internal account op_svc_ces.
If the system displays a message indicating that you do not have the required permissions, obtain the permissions by referring to What Can I Do If the System Displays a Message Indicating Insufficient Permissions When I Click Configure on the Server Monitoring Page?
- Authorization scope
Add the CES Administrator permission to internal account op_svc_ces in the region.
- Authorization reason
The Cloud Eye Agent runs on ECSs or BMSs and reports the collected monitoring data to Cloud Eye. After being authorized, the Agent automatically obtains a temporary AK/SK. As a result, you can query the ECS or BMS monitoring data on the Cloud Eye console or by calling the Cloud Eye APIs.
- Security: The AK/SK used by the Agent is only the temporary AK/SK that has the CES Administrator permissions. That is, the temporary AK/SK can only be used to operate Cloud Eye resources.
- Convenient: You only need to configure the Cloud Eye Agent once in each region instead of manually configuring each Agent.
- If cesagency cannot be found on the IAM Agencies page after authorization, you can manually create it on the IAM console. For details, see Creating an Agency (by a Delegating Party).
- The name of the agency to be created must be cesagency.
- If Agency Type is set to Common account, Delegated Account must be op_svc_ces.
Agent Installation FAQs
- How Do I Configure DNS and Security Groups?
- How Do I Configure an Agency?
- How Does the Cloud Eye Agent Obtain a Temporary AK/SK by Authorization?
- What OSs Does the Agent Support?
- Resource Usage and Circuit Breaker Pattern of Agent
- What Should I Do If the Monitoring Is Periodically Interrupted or the Agent Status Keeps Changing?
- What Should I Do If a Service Port Is Used by the Agent?
- Troubleshooting Agent One-Click Restoration Failures
- No Monitoring Data Is Displayed After One-Click Restoration Performed for the Agent
- Does the Server Monitoring Agent Affect Server Performance?
- Troubleshooting the Problem of Reported Metrics Being Discarded
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbotmore
