The AWS Secure Environment Accelerator is a tool designed to help deploy and operate secure multi-account, multi-region AWS environments on an ongoing basis. The power of the solution is the configuration file which enables the completely automated deployment of customizable architectures within AWS without changing a single line of code.
Apache License 2.0
[BUG][Functional] CloudFront Monitoring Metrics Blocked by Service Control Policy in Workload Accounts #1188
Bug reports which fail to provide the required information will be closed without action.
Required Basic Info
Accelerator Version: v1.5.6-a
Install Type: Upgrade
Upgrade from version: v1.5.5
Describe the bug
When logged into a workload account with administrator access and attempting to view CloudFront monitoring metrics, I get an error message telling me "To view this widget you need cloudwatch:GetMetricData with an explicit deny in a service control policy permission."
Failure Info
What error messages have you identified, if any: "To view this widget you need cloudwatch:GetMetricData with an explicit deny in a service control policy permission."
What symptoms have you identified, if any: I cannot view CloudFront monitoring metric data in a workload account under the SEA's SCPs.
Required files
Please provide a copy of your config.json file (sanitize if required)
Steps To Reproduce
In a workload account (prod, dev, test) go to CloudFront and create a distribution.
Click on the distribution and click on "View metrics" in the top right-hand corner.
See the error message above on the widgets that should show the data (see screenshot below).
Expected behavior
Be able to view the CloudFront metrics data with Admin privileges in the SEA's workload accounts.
Screenshots
Additional context
Add any other context about the problem here.
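One way to find which SCP statement is behind the explicit deny quoted in the error message, as an added example that is not part of the original issue or the accelerator's code: the sketch scans a policy document for Deny statements that cover `cloudwatch:GetMetricData`. The policy, its Sids and the region in it are constructed sample values, not the SEA's actual SCPs; conditions are reported, not evaluated.

```python
import json
from fnmatch import fnmatchcase

# Constructed sample SCP for illustration only (not taken from the accelerator).
SAMPLE_SCP = json.loads("""
{"Version": "2012-10-17", "Statement": [
  {"Sid": "ExampleDenyOutsideRegion", "Effect": "Deny",
   "NotAction": ["cloudfront:*", "iam:*", "route53:*"], "Resource": "*",
   "Condition": {"StringNotEquals": {"aws:RequestedRegion": ["eu-west-1"]}}},
  {"Sid": "ExampleDenyLogTampering", "Effect": "Deny",
   "Action": ["logs:Delete*", "cloudwatch:DeleteAlarms"], "Resource": "*"},
  {"Sid": "ExampleAllowAll", "Effect": "Allow", "Action": "*", "Resource": "*"}
]}
""")

def _as_list(value):
    """Policy fields may hold a single string or a list of strings."""
    return [value] if isinstance(value, str) else list(value or [])

def _matches(patterns, action):
    """Case-insensitive match of an action against IAM patterns (* and ?)."""
    return any(fnmatchcase(action.lower(), p.lower()) for p in patterns)

def find_explicit_denies(policy, action):
    """Return (Sid, Condition) for each Deny statement that covers `action`.

    Resource is ignored and Condition is not evaluated: a returned statement
    denies the call only when its Condition (if any) holds for the request,
    so the caller still has to compare it with the request context.
    """
    hits = []
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):  # a lone statement may be a bare object
        statements = [statements]
    for index, stmt in enumerate(statements):
        if stmt.get("Effect") != "Deny":
            continue
        if "NotAction" in stmt:  # Deny + NotAction covers everything NOT listed
            covered = not _matches(_as_list(stmt["NotAction"]), action)
        else:
            covered = _matches(_as_list(stmt.get("Action")), action)
        if covered:
            hits.append((stmt.get("Sid", f"statement[{index}]"), stmt.get("Condition")))
    return hits

if __name__ == "__main__":
    for sid, cond in find_explicit_denies(SAMPLE_SCP, "cloudwatch:GetMetricData"):
        print(sid, json.dumps(cond))
```

Run it over each SCP attached to the account, its OU and the organization root, since a deny in any one of them is enough to block the call.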