The CN-MGMT pod
requires necessary permissions to access the Cloudwatch resource,
collect CN-NGFW metrics, and publish custom metrics to Cloudwatch.
This is done by adding the
CloudWatchFullAccess
policy
to the node IAM role which you specified while creating the nodegroup.