2 Answers
- Newest
- Most votes
- Most comments
0
You can restrict access to specific alarms and dashboards by using their Amazon Resource Names (ARNs) in your policies.
Please follow the below link for more details: https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/iam-access-control-overview-cw.html
answered a year ago
0
Unfortunately, if you look at https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazoncloudwatch.html, you will see it is currently not possible to restrict GetMetricData or ListMetrics with any resource type or condition key - which corresponds to the sentence you highlighted that explains you have to use the wildcard character (*) in IAM policies.
I am not aware of a workaround and wouldn't know what to advise.
answered a year ago
Relevant content
- asked 20 days ago
AWS OFFICIALUpdated 14 days ago- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 2 years ago
In this link, "Resource – Use an Amazon Resource Name (ARN) to identify the resource that the policy applies to. CloudWatch does not have any resources for you to control using policies resources, so use the wildcard character (*) in IAM policies. For more information, see CloudWatch resources and operations." I tested this using ARN. this can't be applied. I think I can't get specific metric data. Is it right? @Gautam Kumar