AWS Cross-Account Monitoring via IAM Assume Role
As an IT Infrastructure Manager managing a multi-account AWS landing zone,
I want to configure PRTG to use the AWS STS AssumeRole mechanism from a single central monitoring account,
so that I can monitor resources across all AWS accounts without creating and managing dedicated IAM users with access keys in each account, thereby improving security and reducing operational overhead.
Use case:
Our AWS environment consists of a landing zone with many accounts. We need to monitor resources across all accounts, but for security reasons we cannot have a user with access keys in each account. We could have a single user in a dedicated monitoring account, but not in all accounts.
To avoid having to use a user in each account, we want to use the assume role process so that, from a central monitoring account (either via a user or via the IAM role attached to the EC2 instance where the monitoring tool is deployed), we can assume monitoring roles in other accounts and retrieve monitoring metrics.
In the current setup, we have only found configurations that require one user per account, and we need to understand where we can configure the roles required to perform the assume role process.
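The AssumeRole setup described above, as an added example that is not part of the original request or of PRTG: the trust policy and read-only permissions for the monitoring role in each member account, and the STS call the central account makes. All account IDs, role names and the ExternalId are constructed placeholders, and the ExternalId condition is an addition the post does not mention.

```python
"""Cross-account monitoring via STS AssumeRole: member-account policies plus the call."""

# Constructed sample identifiers (assumptions, not values from the original post).
CENTRAL_ROLE_ARN = "arn:aws:iam::111111111111:role/PRTGMonitoringCentral"
MEMBER_ROLE_ARN = "arn:aws:iam::222222222222:role/PRTGMonitoringReadOnly"
EXTERNAL_ID = "prtg-landing-zone-example"  # constructed; kept in the monitoring tool's config
READ_ONLY_ACTIONS = ["cloudwatch:GetMetricData", "cloudwatch:GetMetricStatistics",
                     "cloudwatch:ListMetrics"]


def build_trust_policy(central_role_arn: str, external_id: str) -> dict:
    """Trust policy for the monitoring role in each member account: only the
    central monitoring role may assume it, and only with the agreed ExternalId."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"AWS": central_role_arn},
            "Action": "sts:AssumeRole",
            "Condition": {"StringEquals": {"sts:ExternalId": external_id}},
        }],
    }


def build_permissions_policy(actions: list) -> dict:
    """Read-only permissions attached to the member-account role; no write actions."""
    return {"Version": "2012-10-17",
            "Statement": [{"Effect": "Allow", "Action": actions, "Resource": "*"}]}


def assume_monitoring_role(sts_client, role_arn: str, external_id: str,
                           session_name: str) -> dict:
    """Call STS AssumeRole and return temporary credentials as boto3 client kwargs.

    sts_client is anything with boto3's STS assume_role() signature, so this runs
    against real AWS or a stub. A 15-minute session is enough for one poll cycle;
    the central principal also needs sts:AssumeRole on role_arn in its own policy."""
    resp = sts_client.assume_role(RoleArn=role_arn, RoleSessionName=session_name,
                                  ExternalId=external_id, DurationSeconds=900)
    c = resp["Credentials"]
    return {"aws_access_key_id": c["AccessKeyId"],
            "aws_secret_access_key": c["SecretAccessKey"],
            "aws_session_token": c["SessionToken"]}


if __name__ == "__main__":  # live run; needs boto3 and the central account's credentials
    import boto3
    creds = assume_monitoring_role(boto3.client("sts"), MEMBER_ROLE_ARN, EXTERNAL_ID, "prtg-poll")
    cw = boto3.client("cloudwatch", region_name="eu-west-1", **creds)
    print(cw.list_metrics(Namespace="AWS/EC2")["Metrics"][:3])
```

The two policy dicts are what gets attached to the role in every member account; the central account's own role or user keeps only sts:AssumeRole on those role ARNs, so no long-lived access keys exist outside the monitoring account.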