By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post
About re:Post

IAM Permissions

0

Hello!

I need access to CloudWatch metrics to work with dashboards. Currently, when trying to access, I'm getting the error: "The security token included in the request is invalid"

Please provide the following permissions:

  1. cloudwatch:GetMetricData
  2. cloudwatch:GetMetricStatistics
  3. cloudwatch:ListMetrics
  4. cloudwatch:GetDashboard
  5. cloudwatch:PutDashboard

My IAM username: ARINAKLEINAMAZONGERM

Thank you!

Topics
Security, Identity, & ComplianceManagement & GovernanceNetworking & Content Delivery
Tags
Security, Identity, & ComplianceAmazon CloudWatchAWS Account ManagementIAM Policies
Language
English
arinaklw
asked a month ago39 views
2 Answers
0

Hello! I understand you're having trouble accessing CloudWatch metrics and dashboards. The error you're receiving suggests there might be an issue with your IAM permissions. Let's address the permissions you've requested and provide some additional information.

To access CloudWatch dashboards and metrics, you'll need specific permissions. Based on your request and best practices, here's what you should have:

  1. cloudwatch:GetMetricData
  2. cloudwatch:GetMetricStatistics
  3. cloudwatch:ListMetrics
  4. cloudwatch:GetDashboard
  5. cloudwatch:PutDashboard

In addition to these, you'll also need:

  1. cloudwatch:ListDashboards (to be able to view dashboards)

If you need to delete dashboards in the future, you might also want to include:

  1. cloudwatch:DeleteDashboards

These permissions can be granted through a custom IAM policy attached to your user (ARINAKLEINAMAZONGERM). Alternatively, your administrator could grant you the CloudWatchFullAccess policy, which includes all necessary permissions for CloudWatch operations.

It's important to note that the "security token is invalid" error often indicates an authentication issue rather than a permissions problem. This could mean:

  1. Your IAM user credentials might have expired.
  2. You might be using incorrect or outdated access keys.
  3. There could be a mismatch between the AWS region you're trying to access and the region your credentials are valid for.

To resolve this:

  1. Verify that your IAM user credentials are current and correct.
  2. Ensure you're using the correct access key and secret access key.
  3. Check that you're accessing the correct AWS region.

If the issue persists after verifying these points and ensuring you have the correct permissions, you may need to contact your AWS account administrator for further assistance. They can review your IAM user settings and permissions to identify any other potential issues.
Sources
CloudWatch dashboard permissions update - Amazon CloudWatch
Review IAM permissions needed for the AWS Glue Studio user - AWS Glue

profile picture
re:Post Agent
answered a month ago
0

If you arte using IAM account separated from root account then someone who have access to root need to add permissions to your IAM user: cloudwatch:GetMetricData cloudwatch:GetMetricStatistics cloudwatch:ListMetrics cloudwatch:GetDashboard cloudwatch:PutDashboard After that you should have access to CloudWatch service

profile picture
NetworkPitu
answered 25 days ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content