APM - APMIA AWS extension - Permissions for apigateway service

Article ID: 243018

Updated On:

Products

CA Application Performance Management SaaS

Issue/Introduction

We have the APMIA AWS extension running and are trying to monitor the apigateway AWS service. It is added to the schemalist. However, in the logs we see the error below.

Let us know what specific role we need in AWS to get this to work?

https://logs.us-east-1.amazonaws.com/?dummy=xxx-stack-sample-sw49test-dev-apigateway-someapilog1796FC1B0-8ujsjsDM6PFg
        {"__type":"AccessDeniedException","Message":"User: arn:aws:sts::823177619133:assumed-role/xxx_aws_broadcom_webmonitoring_tool_role/session1 is not authorized to perform: logs:DescribeSubscriptionFilters on resource: arn:aws:logs:us-east-1:823177619133:log-group:xxx-stack-sample-sw49test-dev-apigateway-someapilog1796FC1B0-8ujsjsDM6PFg:log-stream: because no identity-based policy allows the logs:DescribeSubscriptionFilters action"}, retry :0

Environment

Release : SAAS

Component : Integration with APM

Resolution

1. Follow the doc to add permissions:

https://techdocs.broadcom.com/us/en/ca-enterprise-software/it-operations-management/dx-apm-saas/SaaS/deploy-and-configure-dx-apm-agents/infrastructure-agent/Amazon-Web-Services-Monitoring/Configure-AWS-Monitoring/Role-Based-Approach.html

 

2. Please add "logs:DescribeSubscriptionFilters" to the list as well. We'll update the doc soon.
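
To list every action the agent role is still denied, rather than fixing one error at a time, the added example below (not Broadcom's code) parses AccessDeniedException lines of the shape shown in the log above and builds a single IAM Allow statement from them. The sample log line, account ID, role name and function names are constructed placeholders, and scoping the Resource to the log group with ":*" is an assumption.

```python
import json
import re
from collections import defaultdict

# Matches the identity-based denial text AWS returns in the JSON error body.
DENIED = re.compile(
    r"User: (?P<principal>\S+) is not authorized to perform: "
    r"(?P<action>[\w-]+:\w+) on resource: (?P<resource>\S+)"
)

def missing_permissions(log_text):
    """Return {role name: {action: set of resource ARNs}} for each denial found."""
    found = defaultdict(lambda: defaultdict(set))
    for line in log_text.splitlines():
        start = line.find('{"__type"')
        if start < 0:
            continue
        try:
            # raw_decode tolerates the trailing ", retry :0" after the JSON body
            body, _ = json.JSONDecoder().raw_decode(line[start:])
        except ValueError:
            continue  # truncated or malformed line
        m = DENIED.search(str(body.get("Message", "")))
        if body.get("__type") != "AccessDeniedException" or not m:
            continue
        who = m["principal"]
        # assumed-role ARN: arn:aws:sts::<account>:assumed-role/<role>/<session>
        role = who.split("/")[1] if ":assumed-role/" in who else who
        found[role][m["action"]].add(m["resource"])
    return found

def policy_statement(actions):
    """Build one Allow statement for the denied actions, scoped to the denied log groups."""
    resources = set()
    for arns in actions.values():
        for arn in arns:
            # Assumption: ':*' on the log group also matches the ':log-stream:' suffix
            resources.add(re.sub(r":log-stream:.*$", ":*", arn))
    return {"Effect": "Allow", "Action": sorted(actions), "Resource": sorted(resources)}

# Constructed sample in the same shape as the agent log; all names are placeholders.
SAMPLE_LOG = (
    'https://logs.us-east-1.amazonaws.com/?dummy=example-apigateway-log\n'
    '{"__type":"AccessDeniedException","Message":"User: arn:aws:sts::111122223333:assumed-role/example_monitoring_role/session1 is not authorized to perform: logs:DescribeSubscriptionFilters on resource: arn:aws:logs:us-east-1:111122223333:log-group:example-apigateway-log:log-stream: because no identity-based policy allows the logs:DescribeSubscriptionFilters action"}, retry :0\n'
)

if __name__ == "__main__":
    for role, actions in missing_permissions(SAMPLE_LOG).items():
        print(role, json.dumps(policy_statement(actions), indent=2))
```

Review the generated statement before attaching it to the role; it grants only the actions that appear in the denials and only on the log groups named there.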