We are tested the AWS probe v 5.4 several time and in different ways. It always comes down to the same conclusion. Out of all the accounts being monitored (with the same role/policies) only 1 (the same one) will report AWS service billing data.
We have satisfied the policies required by CA and I can see the billing data from the AWS console on those accounts but the CA probe can't.
Anyone have similar issues? What all permissions and requirements are needed by the probe to provide billing data?
p.s. an interesting note is that the account we can see data through CA probe, WILL NOT let us see billing metrics through the AWS console. Yes the ones we can see from the Console, we can't from the CA probe
The probe requires access to at least the following policies on AWS:
The probe requires the following policies to monitor account billing details, in addition to ReadOnly access for CloudWatch service:
We have all these policies set on the role we use to issue the secret key and accesses key, yet it still does not work. As stated only 1 AWS account from about 10 works (they all use the same role to issue the the secret/access keys)
Since the problem is user specific it seems like there must be something beyond just the role that is different and preventing the others from getting the billing info.