By using AWS re:Post, you agree to the Terms of Use
AWS re:Postre:Post

Updating cloudwatch alarm blocked by permissions

0

I am trying to update thresholds in a cloud watch alarm -- I log in and use CAZ to get admin access. But when I try to edit alarm thresholds or data points and hit "update" I get error:

... is not authorized to perform: cloudwatch:PutMetricAlarm on resource: ... because no session policy allows the PutMetricAlarm action.

Additional details:

  • I can create an S3 bucket on the account but I cannot update or create an alarm.
  • The account doesn't have any cloudwatch specific roles.
  • A few weeks ago when we were still using MPA instead of CAZ we didn't experience these issues -- might be CAZ related.

Thanks!

Topics
Management & GovernanceSecurity, Identity, & Compliance
Tags
Amazon CloudWatchIAM Policies
Language
English
AWS-User-8097789
asked 15 days ago83 views
2 Answers
1

Hello.

Is it possible to see which IAM policies are currently attached?
The error is due to insufficient permissions to operate CloudWatch.
The permission "cloudwatch:PutMetricAlarm" must be set to edit CloudWatch Alarm.
The following documents may be helpful regarding CloudWatch permissions.
https://repost.aws/knowledge-center/cloudwatch-restrict-console-access
https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazoncloudwatch.html

profile picture
EXPERT
Riku_Kobayashi
answered 15 days ago
profile pictureAWS
EXPERT
Didier_Durand
reviewed 15 days ago
0

Thanks, I've created the role, but now I can't assign the role, how do I get permissions to do that? I'm reviewing access denied troubleshooting.

AWS-User-8097789
answered 2 days ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content