Hello there,
I understand that you are trying to create an IAM user that will have least privileges to be able to view enhanced monitoring for a particular RDS database, but you are getting a 'Not Authorized' error on the IAM user RDS dashboard although CloudWatch logs are displaying normally.
The general approach to this problem would be to turn on the “Enhanced Monitoring” option for your Amazon RDS DB Instance and set a granularity. Enhanced Monitoring will then collect vital operating system metrics and process information at the defined granularity.
To set up and enable Enhanced Monitoring, see reference [1].
You can also consider protecting against the confused deputy problem; see reference [1], "Protecting against the confused deputy problem". Make sure that you have the necessary permissions to pass the role to the service.
To allow a user to pass a role to an AWS service, you must grant the PassRole permission to the user's IAM user, role, or group.
References:
[1] https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Monitoring.OS.Enabling.html
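An added example, not part of the answer above or of AWS's own code: an offline check for the two points the answer raises, a monitoring-role trust policy that lacks the confused-deputy conditions (`aws:SourceAccount` / `aws:SourceArn`) and an `iam:PassRole` grant that is not scoped to one role. The policy documents, account ID, role name and DB name are constructed placeholders.

```python
RDS_MONITORING = "monitoring.rds.amazonaws.com"

def _as_list(value):
    """IAM accepts either a single value or a list for most policy fields."""
    return value if isinstance(value, list) else [value]

def check_trust_policy(policy):
    """Flag statements that let RDS monitoring assume the role with no source condition."""
    findings = []
    for stmt in _as_list(policy.get("Statement", [])):
        principal = stmt.get("Principal", {})
        services = _as_list(principal.get("Service", [])) if isinstance(principal, dict) else []
        if stmt.get("Effect") != "Allow" or RDS_MONITORING not in services:
            continue
        keys = {k.lower() for op in stmt.get("Condition", {}).values() for k in op}
        if not keys & {"aws:sourceaccount", "aws:sourcearn"}:
            findings.append("trust: no aws:SourceAccount or aws:SourceArn condition")
    return findings

def check_passrole(policy):
    """Flag Allow statements that grant iam:PassRole on every role."""
    findings = []
    for stmt in _as_list(policy.get("Statement", [])):
        actions = [a.lower() for a in _as_list(stmt.get("Action", []))]
        grants = any(a in ("iam:passrole", "iam:*", "*") for a in actions)
        if stmt.get("Effect") == "Allow" and grants and "*" in _as_list(stmt.get("Resource", [])):
            findings.append("passrole: Resource is '*', scope it to the monitoring role ARN")
    return findings

# Constructed sample documents (account ID, role and DB names are placeholders).
ROLE_ARN = "arn:aws:iam::111122223333:role/example-monitoring-role"
TRUST_OPEN = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Principal": {"Service": RDS_MONITORING}, "Action": "sts:AssumeRole"}]}
TRUST_SCOPED = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Principal": {"Service": RDS_MONITORING}, "Action": "sts:AssumeRole",
    "Condition": {
        "StringEquals": {"aws:SourceAccount": "111122223333"},
        "StringLike": {"aws:SourceArn": "arn:aws:rds:us-east-1:111122223333:db:example-db"}}}]}
PASS_OPEN = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "iam:PassRole", "Resource": "*"}]}
PASS_SCOPED = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "iam:PassRole", "Resource": ROLE_ARN}]}

if __name__ == "__main__":
    for name, doc, check in [("trust/open", TRUST_OPEN, check_trust_policy),
                             ("trust/scoped", TRUST_SCOPED, check_trust_policy),
                             ("passrole/open", PASS_OPEN, check_passrole),
                             ("passrole/scoped", PASS_SCOPED, check_passrole)]:
        print(name, check(doc) or "ok")
```

The same functions can be run over policy JSON exported from your own account; wildcard action patterns such as `iam:Pass*` are not expanded by this check.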
Ok let me check.