2回答
- 新しい順
- 投票が多い順
- コメントが多い順
0
You can restrict access to specific alarms and dashboards by using their Amazon Resource Names (ARNs) in your policies.
Please follow the below link for more details: https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/iam-access-control-overview-cw.html
回答済み 2年前
0
Unfortunately, if you look at https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazoncloudwatch.html, you will see it is currently not possible to restrict GetMetricData or ListMetrics with any resource type or condition key - which corresponds to the sentence you highlighted that explains you have to use the wildcard character (*) in IAM policies.
I am not aware of a workaround and wouldn't know what to advise.
回答済み 2年前
関連するコンテンツ
AWS公式更新しました 10ヶ月前- AWS公式更新しました 2年前
- AWS公式更新しました 10ヶ月前
In this link, "Resource – Use an Amazon Resource Name (ARN) to identify the resource that the policy applies to. CloudWatch does not have any resources for you to control using policies resources, so use the wildcard character (*) in IAM policies. For more information, see CloudWatch resources and operations." I tested this using ARN. this can't be applied. I think I can't get specific metric data. Is it right? @Gautam Kumar