Troubleshoot AWS monitoring setup

See Set up proxy authentication for ActiveGate.

If you configure a proxy for an ActiveGate deployed on an EC2 instance, with an attached IAM role, you must ensure that you exempt the address used to access the instance metadata. The address to exempt is the IP address of the instance metadata service, 169.254.169.254. This address is always the same and does not depend on the instance.
In the appropriate section your ActiveGate communication settings, specify proxy-non-proxy-hosts = 169.254.169.254.
For example:

1[http.client]
2proxy-non-proxy-hosts = 169.254.169.254

You have two options:

1[aws_monitoring]
2aws_monitoring_enabled = true

On all the other ActiveGates, set the property to false.

Add *.amazonaws.com to your firewall's list of allowed domains.

An error might occur when attaching a role to an EC2 instance. In such cases, you can use curl to retrieve the instance metadata to verify if the role is listed there. Use the following command:

1curl http://169.254.169.254/latest/meta-data/iam/info

If the attached role is still not listed in the instance metadata, it often helps to reattach it.

For more information, see Instance Metadata and User Data.

To monitor non-default AWS regions—Middle East (Bahrain), Africa (Cape Town), Asia Pacific (Hong Kong), Europe (Milan)—using role-based credentials, you need to modify the IAM STS settings in the AWS IAM console.

For information about differences between built-in services and other services, see Migrate from AWS built-in services to cloud services.