Updating cloudwatch alarm blocked by permissions


I am trying to update thresholds in a cloud watch alarm -- I log in and use CAZ to get admin access. But when I try to edit alarm thresholds or data points and hit "update" I get error:

... is not authorized to perform: cloudwatch:PutMetricAlarm on resource: ... because no session policy allows the PutMetricAlarm action.  

Additional details:

  • I can create an S3 bucket on the account but I cannot update or create an alarm.
  • The account doesn't have any cloudwatch specific roles.
  • A few weeks ago when we were still using MPA instead of CAZ we didn't experience these issues -- might be CAZ related.


2 Risposte


Is it possible to see which IAM policies are currently attached?
The error is due to insufficient permissions to operate CloudWatch.
The permission "cloudwatch:PutMetricAlarm" must be set to edit CloudWatch Alarm.
The following documents may be helpful regarding CloudWatch permissions.

profile picture
con risposta 9 mesi fa
profile pictureAWS
verificato 9 mesi fa

Thanks, I've created the role, but now I can't assign the role, how do I get permissions to do that? I'm reviewing access denied troubleshooting.

con risposta 9 mesi fa

Accesso non effettuato. Accedi per postare una risposta.

Una buona risposta soddisfa chiaramente la domanda, fornisce un feedback costruttivo e incoraggia la crescita professionale del richiedente.

Linee guida per rispondere alle domande