Help Center/ Cloud Eye/ FAQs/ Product Usage/ Server Monitoring/ How Does the Cloud Eye Agent Obtain a Temporary AK/SK?
Updated on 2025-08-01 GMT+08:00

How Does the Cloud Eye Agent Obtain a Temporary AK/SK?

To enable you to monitor servers more securely and efficiently, Cloud Eye provides the latest Agent permission-granting method. That is, before installing Agents, you only need to click Configure on the Server Monitoring page of the Cloud Eye console, or select cesgency for Agency in Advanced Options when creating an ECS. The system automatically authorizes the Agent and provides a temporary AK/SK for the Agent. New ECSs or BMSs in this region will automatically get this authorization, which is detailed as follows:

  • Authorization scope

    Add the CES Administrator permission to internal account op_svc_ces in the region.

  • Authorization reason
    The Cloud Eye Agent runs on ECSs or BMSs and reports the collected monitoring data to Cloud Eye. After being authorized, the Agent automatically obtains a temporary AK/SK. This way, you can query the ECS or BMS monitoring data on the Cloud Eye console or by calling the Cloud Eye APIs.
    • Secure: The AK/SK used by the Agent is temporary and has only the CES Administrator permissions to allow you to operate Cloud Eye resources.
    • Convenient: You only need to configure the Cloud Eye Agent once in each region instead of manually configuring each Agent.
If cesagency cannot be found on the IAM Agencies page after authorization, you can manually create it on the IAM console. For details, see Creating an Agency (by a Delegating Party).
  • The name of the agency to be created must be cesagency.
  • If Agency Type is set to Common account, Delegated Account must be op_svc_ces.