Amazon Managed Service for Prometheus, a fully managed Prometheus-compatible monitoring service, now supports resource-based policies, making it easier to build applications that work across accounts. With resource-based policies, you can specify which Identity and Access Management (IAM) principals have access to ingest or query your Amazon Managed Service for Prometheus workspace.
To allow cross-account ingestion into an Amazon Managed Service for Prometheus workspace or query the metrics using PromQL from a different account, customers so far had to assume an IAM role in the workspace owner account. With this launch, you now can attach a resource-based policy to an Amazon Managed Service for Prometheus workspace and allow-list non-workspace owner to perform any actions using Prometheus-compatible APIs.
This feature is now available in all regions where Amazon Managed Service for Prometheus is generally available.
To learn more about Amazon Managed Service for Prometheus collector, visit the user guide or product page.
Source:: Amazon AWS