2 Risposte
- Più recenti
- Maggior numero di voti
- Maggior numero di commenti
0
You can restrict access to specific alarms and dashboards by using their Amazon Resource Names (ARNs) in your policies.
Please follow the below link for more details: https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/iam-access-control-overview-cw.html
con risposta 2 anni fa
0
Unfortunately, if you look at https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazoncloudwatch.html, you will see it is currently not possible to restrict GetMetricData or ListMetrics with any resource type or condition key - which corresponds to the sentence you highlighted that explains you have to use the wildcard character (*) in IAM policies.
I am not aware of a workaround and wouldn't know what to advise.
con risposta 2 anni fa
Contenuto pertinente
- AWS UFFICIALEAggiornata 2 anni fa
- AWS UFFICIALEAggiornata 4 mesi fa
- AWS UFFICIALEAggiornata 2 anni fa
In this link, "Resource – Use an Amazon Resource Name (ARN) to identify the resource that the policy applies to. CloudWatch does not have any resources for you to control using policies resources, so use the wildcard character (*) in IAM policies. For more information, see CloudWatch resources and operations." I tested this using ARN. this can't be applied. I think I can't get specific metric data. Is it right? @Gautam Kumar