Updating cloudwatch alarm blocked by permissions

Question

I am trying to update thresholds in a cloud watch alarm -- I log in and use CAZ to get admin access.  But when I try to edit alarm thresholds or data points and hit "update" I get error:

... is not authorized to perform: cloudwatch:PutMetricAlarm on resource: ... because no session policy allows the PutMetricAlarm action.

Additional details:
- I can create an S3 bucket on the account but I cannot update or create an alarm.  
- The account doesn't have any cloudwatch specific roles.  
- A few weeks ago when we were still using MPA instead of CAZ we didn't experience these issues -- might be CAZ related.

Thanks!

Answer

Hello.

Is it possible to see which IAM policies are currently attached?  
The error is due to insufficient permissions to operate CloudWatch.  
The permission "cloudwatch:PutMetricAlarm" must be set to edit CloudWatch Alarm.  
The following documents may be helpful regarding CloudWatch permissions.  
https://repost.aws/knowledge-center/cloudwatch-restrict-console-access  
https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazoncloudwatch.html

Answer

Thanks, I've created the role, but now I can't assign the role, how do I get permissions to do that? I'm reviewing access denied troubleshooting.

Updating cloudwatch alarm blocked by permissions

相关内容