diff --git a/plugins/outputs/cloudwatch/README.md b/plugins/outputs/cloudwatch/README.md
index 5544b25c79583402947cdae3a2b2a84119588591..c44ac4ead97f3a65acf93def8d52f6b2e88bc7f6 100644
--- a/plugins/outputs/cloudwatch/README.md
+++ b/plugins/outputs/cloudwatch/README.md
@@ -13,6 +13,8 @@ API endpoint. In the following order the plugin will attempt to authenticate.
5. [Shared Credentials](https://github.com/aws/aws-sdk-go/wiki/configuring-sdk#shared-credentials-file)
6. [EC2 Instance Profile](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html)
+The IAM user needs only the `cloudwatch:PutMetricData` permission.
+
## Config
For this output plugin to function correctly the following variables
diff --git a/plugins/outputs/cloudwatch/cloudwatch.go b/plugins/outputs/cloudwatch/cloudwatch.go
index a04e86cdeeb59d0b4005a320cf96a2f002a01804..b14953dbe803d1f557d5d6595a3231d0ea43d152 100644
--- a/plugins/outputs/cloudwatch/cloudwatch.go
+++ b/plugins/outputs/cloudwatch/cloudwatch.go
@@ -9,6 +9,7 @@ import (
"github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/service/cloudwatch"
+ "github.com/aws/aws-sdk-go/service/sts"
"github.com/influxdata/telegraf"
internalaws "github.com/influxdata/telegraf/internal/config/aws"
@@ -71,21 +72,20 @@ func (c *CloudWatch) Connect() error {
}
configProvider := credentialConfig.Credentials()
- svc := cloudwatch.New(configProvider)
+ stsService := sts.New(configProvider)
- params := &cloudwatch.ListMetricsInput{
- Namespace: aws.String(c.Namespace),
- }
+ params := &sts.GetSessionTokenInput{}
- _, err := svc.ListMetrics(params) // Try a read-only call to test connection.
+ _, err := stsService.GetSessionToken(params)
if err != nil {
- log.Printf("E! cloudwatch: Error in ListMetrics API call : %+v \n", err.Error())
+ log.Printf("E! cloudwatch: Cannot use credentials to connect to AWS : %+v \n", err.Error())
+ return err
}
- c.svc = svc
+ c.svc = cloudwatch.New(configProvider)
- return err
+ return nil
}
func (c *CloudWatch) Close() error {