2 Respuestas
- Más nuevo
- Más votos
- Más comentarios
0
You can restrict access to specific alarms and dashboards by using their Amazon Resource Names (ARNs) in your policies.
Please follow the below link for more details: https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/iam-access-control-overview-cw.html
respondido hace 2 años
0
Unfortunately, if you look at https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazoncloudwatch.html, you will see it is currently not possible to restrict GetMetricData or ListMetrics with any resource type or condition key - which corresponds to the sentence you highlighted that explains you have to use the wildcard character (*) in IAM policies.
I am not aware of a workaround and wouldn't know what to advise.
respondido hace 2 años
Contenido relevante
- OFICIAL DE AWSActualizada hace 2 años
- ¿Qué grupo de registros está causando un aumento repentino en mi factura de Registros de CloudWatch?OFICIAL DE AWSActualizada hace un año
- OFICIAL DE AWSActualizada hace un año
- OFICIAL DE AWSActualizada hace 2 años
In this link, "Resource – Use an Amazon Resource Name (ARN) to identify the resource that the policy applies to. CloudWatch does not have any resources for you to control using policies resources, so use the wildcard character (*) in IAM policies. For more information, see CloudWatch resources and operations." I tested this using ARN. this can't be applied. I think I can't get specific metric data. Is it right? @Gautam Kumar