Help Center/ Cloud Eye/ FAQs/ Server Monitoring/ Agent Installation/ How Do I Configure an Agency?
Updated on 2024-01-11 GMT+08:00

How Do I Configure an Agency?

To enable you to monitor servers more securely and efficiently, Cloud Eye provides the latest Agent permission-granting method. That is, before installing Agents, you only need to click Configure on the Server Monitoring page of the Cloud Eye console, or select cesgency for Agency in Advanced Options when buying an ECS, the system automatically performs temporary AK/SK authorization for the Agents installed on all ECSs or BMSs in the region. And in the future, newly created ECSs or BMSs in this region will automatically get this authorization. This section describes the authorization as follows:

  • Authorization object

On the Cloud Eye console, if you choose Server Monitoring > Elastic Cloud Server (or Bare Metal Server), selecting an ECS (or BMS), and click One-Click Restore, the system automatically creates an agency named cesagency on IAM. This agency is automatically granted to Cloud Eye internal account op_svc_ces.

If the system displays a message indicating that you do not have the required permissions, obtain the permissions by referring to What Can I Do If the System Displays a Message Indicating Insufficient Permissions When I Click Configure on the Server Monitoring Page?

  • Authorization scope

Add the CES AgentAccess permissions to internal account op_svc_ces in the region.

  • Authorization reason
    The Cloud Eye Agent runs on ECSs or BMSs and reports the collected monitoring data to Cloud Eye. After being authorized, the Agent automatically obtains a temporary AK/SK. As a result, you can query the ECS or BMS monitoring data on the Cloud Eye console or by calling the Cloud Eye APIs.
    1. Security: The AK/SK used by the Agent is only the temporary AK/SK that has the CES AgentAccess permissions. That is, the temporary AK/SK can only be used to operate Cloud Eye resources.
    2. Convenient: You only need to configure the Cloud Eye Agent once in each region instead of manually configuring each Agent.