2 Respostas
- Mais recentes
- Mais votos
- Mais comentários
0
You can restrict access to specific alarms and dashboards by using their Amazon Resource Names (ARNs) in your policies.
Please follow the below link for more details: https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/iam-access-control-overview-cw.html
respondido há 2 anos
0
Unfortunately, if you look at https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazoncloudwatch.html, you will see it is currently not possible to restrict GetMetricData or ListMetrics with any resource type or condition key - which corresponds to the sentence you highlighted that explains you have to use the wildcard character (*) in IAM policies.
I am not aware of a workaround and wouldn't know what to advise.
respondido há 2 anos
Conteúdo relevante
- AWS OFICIALAtualizada há 2 anos
- AWS OFICIALAtualizada há 2 anos
- AWS OFICIALAtualizada há 2 meses
In this link, "Resource – Use an Amazon Resource Name (ARN) to identify the resource that the policy applies to. CloudWatch does not have any resources for you to control using policies resources, so use the wildcard character (*) in IAM policies. For more information, see CloudWatch resources and operations." I tested this using ARN. this can't be applied. I think I can't get specific metric data. Is it right? @Gautam Kumar